PDA

View Full Version : Software company spying through server license



geo_n
02-09-2014, 06:56 AM
Wonder who else is doing it?
http://forums.cgsociety.org/showthread.php?f=2&t=1151366&page=4&pp=15

Worse than cloud software?

50one
02-09-2014, 07:18 AM
Wonder who else is doing it?
http://forums.cgsociety.org/showthread.php?f=2&t=1151366&page=4&pp=15

Worse than cloud software?

Hmmm, dunno...every friggin' government on this planet perhaps, time to read eulas, beside if you're using legit software you shoudln't give a damn if the software sends the info, which in fact is stated again in EULA...

I think is hipocrisy, that folks don't give a damn about Prism, wikileaks, genocides, fukushima cover-up, yet they're unhappy about software sending usage infor ation to the vendor.....

Oedo 808
02-09-2014, 07:19 AM
I don't want to be unnecessarily sensationalist but I think The Foundry's terms and conditions allow them to profile you. I remember someone was talking about a plug in on here to do with Nuke, if I recall correctly it was hosted on a forum related to Nuke, I had a look at signing up but although I rarely more than glance at the terms and condition, I didn't like what they were asking and passed.

It's very anecdotal, and things may have changed, but The Foundry aren't separate in my mind to Apple, Adobe et al as alluded to by someone in that article.

The loss of my business is no big deal because I'm just a pauper, but if my needs did expand I would need to look very carefully at the Foundry's modus operandi before jumping into bed with their software.

UnCommonGrafx
02-09-2014, 07:25 AM
Fear-mongering works on many levels.

And the hypocrisy is real. An interesting perspective to note on so many topics of debate.

Oedo 808
02-09-2014, 07:36 AM
Fear-mongering works on many levels.

And the hypocrisy is real. An interesting perspective to note on so many topics of debate.

I have no idea if that is profound wisdom or pseudo-intellectual tosh. :stumped:

geo_n
02-09-2014, 08:15 AM
Yeah fukushima cover up. Cant really do anything since Dentsu controls the media and hundreds of companies even overseas. But.....Everthing is awesome. Everything is cool when we're part of the team. :D

UnCommonGrafx
02-09-2014, 08:46 AM
Odeo,
Both.

The unfortunates of our binary view on life to suit our emotional needs.

(Time to turn this thing off.)

cresshead
02-09-2014, 09:22 AM
if you have nothing to hide, what's the problem?

Oedo 808
02-09-2014, 10:17 AM
Odeo,
Both.

The unfortunates of our binary view on life to suit our emotional needs.

(Time to turn this thing off.)

Ha, well I think getting getting prickly over this stuff is not such a bad thing, perhaps.

If anyone doubts the validity of the 'thin end of the wedge' concern, they've never experience feature creep.

cagey5
02-09-2014, 10:18 AM
if you have nothing to hide, what's the problem?

That's a sentiment I've never understood and never will.

cresshead
02-09-2014, 10:22 AM
it's in their EULA that they can look...so you've already agreed it's okay.
so what's the problem?

gristle
02-09-2014, 12:21 PM
if you have nothing to hide, what's the problem?

Haha, we just had a bit of a scrap in NZ over our international spy agency (illegally) spying on NZ citizens.
A guy at work would get on his soapbox with that one liner, so we said, sure, we'd love to see your bank account statements!

cresshead
02-09-2014, 01:23 PM
Haha, we just had a bit of a scrap in NZ over our international spy agency (illegally) spying on NZ citizens.
A guy at work would get on his soapbox with that one liner, so we said, sure, we'd love to see your bank account statements!

if your using nuke you've already agreed to the EULA when you installed it that says they can look at your computer...
EULA = End User Licence Agreeent

stay on topic if possible.

gristle
02-09-2014, 01:37 PM
Sure, in fact, Bye.

jwiede
02-09-2014, 01:44 PM
it's in their EULA that they can look...so you've already agreed it's okay.
so what's the problem?

Exactly, the EULA explicitly states customers give The Foundry the right to employ means of checking how many licenses are running, and report that back to them (no different from the EULAs of many other products, from many other companies). If you look at the precise phrasing they even make a reasonable effort to be tightly specific about just what info is exchanged. For a multi-thousand-dollar-per-seat product like Nuke, I'm not the least bit surprised they're asking for such checking/reporting abilities.

Furthermore, it's far from clear the email was legitimate, as it had a large number of suspicious tells, and elements that seem implausible in an "official" communication. The OP never posted the actual return address in its entirety nor contacted The Foundry to confirm. It could easily be spoofing by scammers who somehow got a zombie going inside The Foundry or found an email account they could access. Unfortunately, the OP's refusal to contact The Foundry means if it is scammers somehow, they get to continue with their scam, because without the email info in question it'll be difficult for The Foundry to root out the compromised machine/account.

IMO, when a situation has as many questionable elements as the OP's did, automatically presuming they're telling an honest and accurate version of what's happening is probably not a reasonable response. I find the OP's refusal to even attempt to contact The Foundry to check on the authenticity of the email particularly suspicious.

robertoortiz
02-09-2014, 02:41 PM
Well for YEARS Autodesk has been doing Software audits of 3D companies in the 3rd world to check that they are not using pirated software. Google "Autodesk Software Audits" for more information.

saranine
02-09-2014, 05:26 PM
I still think that the OP email wasn't from Luxology. It reads like spam/phishing to me.

jwiede
02-10-2014, 01:14 AM
I still think that the OP email wasn't from Luxology. It reads like spam/phishing to me.

Yep, that's my sense as well, something is phishy here. Another possibility is that the OP is just outright misrepresenting aspects of what occurred. We'll likely never know the full story.

erikals
02-10-2014, 04:36 AM
if you have nothing to hide, what's the problem?

even with nothing to hide, your information can still be misused.

it's not like corruption doesn't occur.


trust these companies?...

saranine
02-10-2014, 04:41 AM
even with nothing to hide, your information can still be misused.

it's not like corruption doesn't occur.


trust these companies?...


People who say that if you have nothing to hide...um no....even if you are entirely honest your information can be taken out of context and used to condemn you. It's like some cardinal [Richelieu?] said in the Spanish Inquisition:

Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

erikals
02-10-2014, 04:48 AM
Word.

50one
02-10-2014, 05:21 AM
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

During the Soviet Era we had "Show me a guy...and I will find paragraph" :)


Completely agree, people saying that "You have nothing to fear if you haven't done anything wrong" are just ignorant lazy bastards in my book.:)

GandB
02-10-2014, 08:41 AM
Not to mention; having any personal info hosted on other company's servers has proven "hazardous" at times, when that company doesn't employ proper counter-hacking protocols. Take a look at the Target breaches, and other companies recently. I don't want any company to have any more info than they absolutely have to have. Walking into a local store here (KMart), they always want your zip code and phone number. I just want to buy some gum; do you want my money or not?

Oedo 808
02-10-2014, 09:15 AM
During the Soviet Era we had "Show me a guy...and I will find paragraph" :)


Completely agree, people saying that "You have nothing to fear if you haven't done anything wrong" are just ignorant lazy bastards in my book.:)

:ohmy:

roboman
02-10-2014, 09:25 AM
if you have nothing to hide, what's the problem?
History is full of people who went broke defending them self from false accusations. Also people tend to remember the accusation but don't tend to remember that it was shown to be a false accusation. In a business where your reputation matters (nearly all of them) being falsely accused of a criminal act can be very damaging.


it's in their EULA that they can look...so you've already agreed it's okay.
so what's the problem?
Reasonable argument, if the person ever aggregated to the elu. The person they are accusing clearly never agreed, since they never had or installed the software. With someone who pirated the software... they probably didn't even get a copy of the elu

BigHache
02-10-2014, 11:15 AM
it's in their EULA that they can look...so you've already agreed it's okay.
so what's the problem?

From a security standpoint, if you (or your IT dept) has locked down ports to manage data transfer and their software is somehow finding a way around that, they could potentially be compromising your entire internal network and you'd have no idea. IF that were the case then it would be a HUGE problem. At that point it's not about you have no data to hide, it's more that malicious intent from another party could exploit that vulnerability and compromise your data.

Paranoid? Yes, but I don't think it's unwarranted paranoia.

kmacphail
02-10-2014, 09:04 PM
The person they are accusing clearly never agreed, since they never had or installed the software.
If the software was never installed then there was no software for the Foundry to have snooped with.


With someone who pirated the software... they probably didn't even get a copy of the elu
Are you saying that someone who uses pirated software and fails to also receive the EULA is somehow victimized by the software reporting back to home base that it is a potentially pirated version? That would be like a burgler feeling victimized if a LoJack protected laptop they stole reported its current location.

The real question is do you believe the Foundry sent the email?

Cheers,

-K

geo_n
02-10-2014, 09:38 PM
I've heard autodesk or its reseller sends out similar emails but didn't ever hear anyone say its information gathered from a stream from the computer to their server. More like emails sent to who they suspect are not using all licensed software and they will audit.
Since there's no reply from the Foundry on that cgtalk thread I'm more likely to believe its standard practice for them and its legit.

spherical
02-10-2014, 10:52 PM
If the software was never installed then there was no software for the Foundry to have snooped with.

Good point.


The real question is do you believe the Foundry sent the email?

The biggest tell is that there were multiple addresses in the To: field of a message on a sensitive subject. No reputable company would risk a law suit by purposefully disclosing something like this to anyone other than the individual that they are talking with. All of the rest of the points were pretty much soundly addressed by readers in the CGS thread.


Yep, that's my sense as well, something is phishy here. Another possibility is that the OP is just outright misrepresenting aspects of what occurred.

We know that headers can be forged and therefore cannot be trusted. Neither can the ones presented as proof that the email "isn't spam". By the time the Reply-to: question was finally answered, it would be my guess that the Reply-to: was forged after the fact.

JonW
02-11-2014, 02:16 AM
An interesting program in ABC (Aust) RN. They are all at it. If you don't want others to know what you are doing. Stop using every single electronic devise. Only meet in person, arrange at least 2 meetings ahead just in case you fail to turn up to the first meeting for what ever reason, & so you don't contact others to arrange the next meeting! All pretty straight forward, but if you are reading this for clues to avoid surveillance it's too late!

meshpig
02-11-2014, 04:24 AM
... Walking into a local store here (KMart), they always want your zip code and phone number. I just want to buy some gum; do you want my money or not?

The only thing worse is having your bag checked on the way out... yeah, like what the F would I want to steal here? :)

erikals
02-11-2014, 09:01 AM
An interesting program in ABC (Aust) RN. They are all at it. If you don't want others to know what you are doing. Stop using every single electronic devise. Only meet in person, arrange at least 2 meetings ahead just in case you fail to turn up to the first meeting for what ever reason, & so you don't contact others to arrange the next meeting! All pretty straight forward, but if you are reading this for clues to avoid surveillance it's too late!

http://erikalstad.com/backup/misc.php_files/smile.gif

but what about your friends that are tracking every single step you make on facebook / twitter... http://erikalstad.com/backup/misc.php_files/047.gif
or your mam writing on e-mail to her friends where you are heading...

no Sir, it's not that easy...


i almost feel a bit guilty as i'm not on Facebook... :o

JonW
02-12-2014, 02:04 AM
I have never used Facebook or Twitter. Actually at a meeting a few months ago a speaker said you can get us on Facebook & asked who had it. I did a quick count & less than 7% of people said they were on it & then it was only because of children. So there is a promising start!

Usually I leave my phone at home on the desk so I don't get pestered by others, but this also has the added benefit of others not knowing where I am! It also roams between a handful of Sydney suburbs which are miles apart and across Sydney Harbour. Absolute confusion for everyone. I just have to avoid all the cameras out there! Australia is a world leader in surveillance with more cameras & spying per capita than any other country.

I also buy everything with cash, but my primary reason is that I get things cheaper! It is surprising how much businesses knock off for cash & they still give a receipt!

I was clearing out the storeroom the other day & the dear old lady who did the gardening died a few years ago, had something very useful for growing azaleas!? She use to buy it in bulk, she told me that it was cheaper, but being a suspicious person I think she had a different agenda due to the very large number of drums!

prometheus
02-12-2014, 04:18 PM
erikals and jonW...heres another retrograder:) Never had facebook, have never liked the concept of it...twitter I have used for some tweets on behalf of a company a few times, but not personally.

I think we people are too flooded with too much social medias... actually not necessary, more a hype created from it´s very authors, and it could very well make it harder for a company to bee seen where they should be seen instead of being spread out
in different medias people actually don´t want to follow, I don´t follow newtek on facebook or twitter, only here on the forums and their newsmail and the lightwave main page, and that is almost too much.
Checking my personal mail everyday lands on maybe 11-15 mails everyday, and mostly from this forums, and part of that is my fault being to active on the forums..have to hold that back really.
No ..go out for a walk or a run, or work more actually with lighwave instead of visiting social medias too much.

the lightwave group now has 5 social medias..facebook,pinterest,twitter,youtube, google plus...huh, might check those other four someday...it´s gonna be fun for my retirement around 15 years ahead maybe, then I got all the time.

Riff_Masteroff
02-17-2014, 03:51 PM
A year ago I assembled two computers. The first, a reasonably fast workstation: and the second, a lesser computer to be used for internet only.

The main software installed (current versions) on the workstation is LightWave, Fusion and PhotoLine. That computer is unplugged, as in CAT6 cable hanging loose next to the switch. Data transfer between the two computers is done manually via 32gb USB stick.

My situation may be different than yours . . . . I am retired. My status has been lowered to a hobbyist, I guess.

I have done nothing wrong, therefore I have nothing to worry about.

Off topic: recently I considered purchasing and installing some German software (Dopus) . . . . . but the FAQs on their website required an internet connection to check 'software integrity'. Oh well, no Dopus and I will live with 'explorer'.

jwiede
02-18-2014, 03:05 AM
Off topic: recently I considered purchasing and installing some German software (Dopus) . . . . . but the FAQs on their website required an internet connection to check 'software integrity'. Oh well, no Dopus and I will live with 'explorer'.

Off-topic^2: DirectoryOpus is a product from GPSoftware (aka Greg Perry Software, IIRC), from Australia, though I believe Haage&co. are distributors for it.

"Now you know something!"

saranine
02-18-2014, 03:15 AM
I agree - I gave up Facebook in 2010. I'd got everything that I wanted from it. So I nuked my page and have never used it since. Twitter - never used it. Hate mobile phones. Never owned one. Hate the blessed things. Block all of the online trackers too. Unless there is a real guy outside from ASIO spying with binoculars I am as spy proof as I can be. The spies can't watch me.

saranine
02-18-2014, 03:18 AM
I watched a program a few days ago about internet trolls. Forgotten what it was called. I'm better off without social media. The "troll hunter" who they interviewed had to disguise his voice and face because
he feared that trolls would hurt his family. It's ridiculous.

Luc_Feri
02-18-2014, 07:29 AM
I'm really not bothered if the The Foundry want to backdoor spy on me, I have nothing to hide and as long as they are professional with the information then no worries.

I'd rather they did penalise software houses using cracked software , especially when honest people pay a ton of money for it.

I recently watched a tutorial on YouTube with a multiple pipeline workflow and from several screenshots of this persons desktop and file folders, he was clearly using cracked software. Unbelievably blatant.

There are enough cheap or free solutions these days for 3D or digital art, no excuses.

I do agree though that misuse of information is too rampant and yes I am paranoid about all this, I'm just waiting for the UK government to hand over my medical records and history to some chav scum to exploit or sell on.

I had been spam free for 4 years until Adobe was hacked and got my email out in the wilderness, thankfully that was all they got!!

erikals
02-18-2014, 07:45 AM
I'm really not bothered if the The Foundry want to backdoor spy on me, I have nothing to hide and as long as they are professional with the information then no worries.

so no family pictures on your computer then, that hackers could leak to the net?
maybe you would be fine with it, but are you sure your family would?


I'd rather they did penalise software houses using cracked software , especially when honest people pay a ton of money for it.

do you think Adobe and AutoDesk would lower the price, just to be nice?


he was clearly using cracked software. Unbelievably blatant.

cracked software sucks in some ways, but let's not make this a discussion about that.


I had been spam free for 4 years until Adobe was hacked and got my email out in the wilderness, thankfully that was all they got!!

and yet you say... "I'm really not bothered if the The Foundry want to backdoor spy on me, I have nothing to hide and as long as they are professional with the information then no worries."

erikals
02-18-2014, 07:50 AM
Off topic: recently I considered purchasing and installing some German software (Dopus) . . . . . but the FAQs on their website required an internet connection to check 'software integrity'. Oh well, no Dopus and I will live with 'explorer'.

not off topic at all, i considered Dopus at one point, now, definitely not.

Luc_Feri
02-18-2014, 08:29 AM
OK Erik,

Lets not sensationalise the 'The Foundry' backdoor thing if it exists at all. I'm sure it's nothing more than if the software is running and a network connection is detected it will attempt to report in to a foundry server and log information. I really don't think they'll be looking through my documents or picture folders!! :D

That is why I'm ok with that if that is what occurs, which is likely at best. Most software these days tries to detect an internet connection and autoupdate unless otherwise ammended to do so, it will not browse through my personal stuff.

I'm not asking AutoDesk or Adobe to reward or lower prices just because I am a subscriber and pay my way and give me loyalty. I realise that as a consumer if I want a company to thrive and to continue to provide the best software and support, then freeloading will perhaps contribute to the death of a company, given time. Then we'll all be using Blender or Gimp, which is ok if that is what you want. :D

We all give out information , the Adobe incident may have been prevented with better encryption or security measures at their end. It is out of my control and that is that, I take my chances and hope for the best.

erikals
02-18-2014, 08:56 AM
it's not likely, it's highly unlikely, but the more companies that jump on the "big brother" scanning, the higher the chances will be that info gets stolen or abused.

not only personal data, but also secret company data, or even family data.

somewhat related, this is also why some countries got kinda p***ed at the US lately, as it turned out NSA hacks and steals data from companies over seas.

(not saying NSA is all bad though)


but for people in general, i would say it's better to be safe, than sorry.

Matt
02-18-2014, 12:55 PM
Off topic: recently I considered purchasing and installing some German software (Dopus) . . . . . but the FAQs on their website required an internet connection to check 'software integrity'. Oh well, no Dopus and I will live with 'explorer'.

Do you have a link to this?

I've used Dopus for years without issue. It's an awesome utility that I couldn't live without. Only thing I've ever seen it do is check the license I installed is valid the first time. Then just checks for program updates. GPSoft is a small operation, I highly doubt they're doing anything suspicious with your data.


While we're on the topic, no, we don't "call home".

spherical
02-18-2014, 02:07 PM
Don't I remember LightWave sending packets to Verisign? Haven't seen it lately, though.

Riff_Masteroff
02-18-2014, 07:21 PM
"Do you have a link to this? . . . . . . Only thing I've ever seen it do is check the license I installed is valid the first time. . . . . .While we're on the topic, no, we don't "call home".

Requested link: http://resource.dopus.com/viewtopic.php?t=17445 Please read all the stuff at the bottom of that page.
I guess Matt doesn't take my words at face value.

I have setup my computer system to minimize internet dangers, a year ago. Nothing is 'completely' safe for sure. But . . . . no internet connection, at least, makes me feel good.

Directory Opus is an app I would like to use. You, Matt, have recommended it often. And I do trust you to that extent. However, and using Dopus as an example, I am not going to compromise my entire workstation setup by connecting it, always on, to the internet. Niet, no way. Remember, I did say: " . . . my situation may be different than yours . . . ." My reading of this and many similar threads on these the NT Forums (and of conversations elsewheres) is that the internet can be quite nasty. Best for me to react.

Matt, why not use " . . . no, we don't "call home". as an advantage in selling LightWave? As I have said, LightWave, Fusion and PhotoLine work just fine in an offline environment. I am not compromising myself in choosing to use these programs just because they work without internet. But I am limiting myself to powerful programs that do not seek to hurt me or allow others to do so.

Matt
02-18-2014, 07:36 PM
Requested link: http://resource.dopus.com/viewtopic.php?t=17445 Please read all the stuff at the bottom of that page.
I guess Matt doesn't take my words at face value.

Where did I say I didn't believe you? I was asking for the link.

Even after reading the link you posted, I stand by my thoughts on the matter. No personally identifiable information is transmitted, and you can block it if you want to according to that post.

As I say, these are good guys, I trust them. Obviously you feel different, no matter.

Matt
02-18-2014, 07:37 PM
Matt, why not use " . . . no, we don't "call home". as an advantage in selling LightWave?

Even thought it appears this kind of thing is important to you, it's not a big feature or anything. Just the way it works.

erikals
02-19-2014, 02:32 AM
well, i'm not so sure. i think it is a great sales point...

but it might be a better card if one knew AutoDesk still does this.
post #16 - http://forums.newtek.com/showthread.php?140062-Software-company-spying-through-server-license&p=1366793&viewfull=1#post1366793

maybe talk to Rob about it... ?

erikals
02-19-2014, 02:40 AM
As I say, these are good guys, I trust them. Obviously you feel different, no matter.

it's impossible to know this, +they can be hacked.

overall though i'm against it out of principle.

now, let's say every company out there started doing this, (actually a lot of them already have) who would you trust?
and how long would it take before info on your computer got spied on. rhetorical.

to me it's about sending a message, companies didn't need to spy back in the 90's, they don't need to do it now.

JonW
02-19-2014, 04:25 AM
It maybe the most honest company but unfortunately there is alway people who have there own self interest & who would blame them, keeping a dossier on every other person for self preservation or collecting data just in case everything else fails just in case they get shafted. Seen it decades ago, has happened, is happening, will happen.

jwiede
02-19-2014, 01:28 PM
it's impossible to know this, +they can be hacked.

If hacked, the hackers only get info they (GPSoft) have / which you allowed them to have. Or are you somehow suggesting them getting hacked leads to arbitrary access to your machine?

You shouldn't rely on your choice of apps alone as a means of protecting you from external incursion in any case. So again, presuming your border firewall isn't allowing arbitrary traffic from anywhere into your local network, how exactly does a company getting hacked allow access to arbitrary info?

JonW
02-19-2014, 02:06 PM
Our government published the personal records on their website of many thousands of people found out by a newspaper. It happened last year with a hugh number of government workers. You don't even need hacking, simple stupidity is just as effective.

A few years ago one of the telephone companies published a stack of silent phone numbers. They said we will give everyone a new number, but didn't seem to want to understand the cross referencing could be done with the old numbers.

rwhunt99
02-20-2014, 01:16 PM
That (EULA) is the main entrance for android app spies, you agree to let them come in and change, delete and otherwise take control of your phone, but you agree because you want to the latest and greatest whiz bang app out there. When things go south you whine and cry. Same thing here, I'm sure that they don't have that in mind, but that doesn't mean someone else have different ideas