Slashdot Log In
Digital Convergence Changes EULA, and Gets Cracked
Posted by
CmdrTaco
on Mon Sep 18, 2000 07:05 AM
from the oh-thats-real-nice dept.
from the oh-thats-real-nice dept.
mfdii writes "Apparently Digital Convergence has changed their EULA. This EULA has been modified to include the CueCat reader in an attempt to shutdown those tinkering with their cats. The old EULA can be seen here."
Meanwhile a dozen or so really excellent programs utilize the childishly simple protocol (or, if you're DC, their "Intellectual Property")... and as if that isn't enough, apparently their service was cracked. Anyone who used DCs CueCat software has had their information stolen from the DC servers! This comes from an e-mail being sent in by zillions of people warning them (and also apologizing by giving a $10 gift certificate).
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Accountability!! (Score:4)
Where the hell do they get off throwing lawyers at innocent people for violating their "property" and then making no effort what so ever to protect my property (specifically, my personal information)?
How about if I make DC sign an EULA that says "if you lose positive control of this information (last name, first name, address) then you owe me $10K for every piece of junk mail I get as a result"
Do they think were stupid? (Score:2)
Think about it, the reason they are offering the free certificate is BECAUSE SOMEONE CRACKED THEIR SYSTEM AND STOLE OUR PERSONAL INFO... and now they want us to go back and GIVE THEM MORE?
Huh? I never made the connection....
No shrinkwrap (Score:2)
sulli
Re:Postal Regulations vs. EULA (Score:2)
Re:No shrinkwrap (Score:2)
I was pretty pleased about it! It meant I didn't have to worry about any license crapola.
OT: Hey, are you the lizrd [mailto] I [sulli.org] think you are?
sulli
How do I disagree with the EULA? (Score:2)
Not "hacked!" (Score:5)
---- ----
Re:My thoughts exactly. They're CONFIRMING their s (Score:2)
DC submitted their press release on the issue at 10pm friday night, probably in hopes that nobody would care about it by monday. (Tried and true technique, release bad news friday night and it has less impact. Unless nobody hears about it until
I read their press release on Yahoo's news site saturday. It's probably not there anymore, news gets turned over pretty quickly.
The $10 certificate is probably their way of saying "Please don't sue us for mishandling all that information you gave us."
Mac drivers? (Score:2)
Yeah, I know, gotta get linux. Working on it.
sulli
Re:How can you license a gift? (Score:4)
Here [usps.com] is the Postal Service guide to preventing mail fraud in PDF format (it doesn't say much about this other than anything sent to you unsolicited is yours to keep).
Wow. (Score:2)
So where's the 'Agree' button?
Also, my name is not "Your Signature". Sorry, try again... Could they at least have you fill out a form to generate something official-looking with the right name on it? Sheesh.
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Dumbest startup ever (Score:2)
The thing spits out whatever barcode it reads, massaged for easy merging into a URL by a logical XOR on the number 67 followed by a pass of Base64 encoding, not unlike what happens when you attach a file to e-mail. In nontechnical terms, this is "encryption" weaker than passing something through a Flash Gordon decoder ring, then passing the result through a Lone Ranger decoder ring.
The "intellectual property" Digital Convergence is trying to protect can be expressed in 3 lines of very basic Perl or a flowchart sketched inside a matchbook. I wish them luck.
As a result, I've seen a quickie book database someone slapped together: it grabs the ISBN and fetches book info from Amazon. Anonymously. Without having to pass a thing to Digital Convergence, makers of the scanner, and without passing a cookie or any other form of ID to Amazon. I've never been consumed with an urge to catalog my books or CDs on my computer, but the CueCat makes it surprisingly convenient. It took me about ten minutes to feed in about 60 books. The ones without barcodes are still a problem, but this certainly takes much of the bite out of the process. Nearly all CDs, on the other hand, have barcodes.
Another little perl script floating around lets you scan anything the Digital Convergence folks have catalogued on their servers groceries, radio shack catalog items, magazine articles) and jump to the product's site or web page.. again without passing so much as a user ID or cookie to them. The servers are wide open and will return the product URL for a given barcode regardless of whether or not you're a registered, cookied user of their official software. Whoops!
Since it's easy to distinguish between the barcodes on books, CDs and grocery items, the same three lines of perl could be used as the basis for a five-line program to put products in a shopping cart on your favorite web grocery store, again without involving the CueCat folks.
You'd think in the four years this was in development someone would have wondered why no other company had ever tried to build a tight marketing database around cheap barcode scanners given away at a loss.
It's not because it hasn't occurred to thousands of entrepreneurs since cheap barcode wands first appeared 15 or so years ago. It's because until the dunderheads behind the CueCat came along, all the other peopole who had the same dream realized that even a kinda-sorta lockable barcode scanner would cost too much to give away for free. And then with that Big Idea out of the way they went and did something productive, like wash some dishes or eat a Popsicle.
So simple, so early-80s is the CueCat's design that those Linux drivers probably took someone half an hour to write while watching TV and feeding the dog. Especially given the dozen or so little shell scripts and perl programs that have since popped up, all of them ramshackle "baby's first program"-caliber triumphs. I can't wait to see what online music, grocery and book stores do with this.
If any license agreement short of requiring a signature before receiving a security-free scanner like this holds up in court, it would open the way for hand-tool makers to require people to buy separate "screwdrivers" and "paint-can openers".
I wonder if Digital Convergence is publicly held.
InterNet News Interview (Score:2)
here [flyingbuttmonkeys.com]. It runs today, Sept 18, 2000, so you'll have to look for it in their archives starting tomorrow. However, I'll keep the mirror at my site.
---- ----
Re:Not "hacked!" (Score:2)
(I would like to thank slashcode for inserting the space in the url).
---- ----
Re:Postal Regulations vs. EULA (Score:2)
For example, if the software contains an EULA saying "you may not reverse-engineer this software", and you never accept the EULA, then you have every right to reverse-engineer the software.
However, you don't have the right to burn copies of the CD and pass them out (except of course as permitted by "fair use"), because even without accepting an EULA, you are still bound by copyright law. (By the same token, if you get a copy of Newsweek in the mail, you can give it to a friend, but you can't distribute a zillion copies of the articles in it -- you own the physical magazine, but Newsweek's publisher owns the copyright.
Getting back to the CueCat: Whether or not you've consented to the ULA, the firmware inside the CueCat is protected by copyright law, and you can't, say, download the object code and then burn it onto chips at your own bar-code-reader factory. However, reverse engineering is not forbidden by copyright law, so if you don't consent to the ULA, you can reverse-engineer the CueCat protocol.
IANAL, of course, and I am ignoring the whole question about whether shrink-wrap licenses are ever enforceable.
--
Re:Postal Regulations vs. EULA (Score:2)
Of course, assuming I *did* want to read the uC's ROM, I prolly wouldn't be able to. Many microcontrollers are read-protected so people can't look at the ROM.
--K
---
Re:Postal Regulations vs. EULA (Score:2)
Re:Licence a piece of hardware? (Score:2)
Except for emulation, the same goes for the PC software. DigitalConvergence can't protect against emulation unless they get a patent on some crucial part of the decoding process.
--
Re:Changing EULA (Score:2)
IIRC, most EULAs allow the software maker (but not the user) to change the terms of the license, subject to agreement by only one of the two parties. So, the company lawyer says, "Sure, I agree to that change," and there you go: the EULA has changed, and you are still bound by it.
Of course, this assumes that click-/shrink-wrap licenses are binding, which will become law when UCITA gets passed. (And don't fret, it will, just like the DMCA did. You don't have enough money to brib... er, donate to your elected representatives.)
Re:take the high road. (Score:2)
What about the :Convergence :Cable??? (Score:3)
This cable is supposed to capture special bookmarks embedded within TV ads and forward you to the web site of their choice. It saves a lot of hassle, because you no longer have to type in "http://www.forbes.com" just to order an official :Forbes :Magazine :Golf :Shirt. Surely, this is also part of their :Intellectual :Property and took up some of their five years of engineering and development.
Why aren't they coming after people who are reverse engineering the :Convergence :Cable, those who circumvent their EULA by using it to make .ogg files out of their ":South :Park" video tape collection? Maybe somebody should put up a "How to :Reverse :Engineer the :Convergence :Cable" :web :site.
Could someone please tell me what the difference is between the :Cue :Cat and the :Convergence :Cable?
DC Webpages contradict Policies (Score:2)
check out the cuecat.com [cuecat.com] webpage by digital convergence:
they say: "We've made it super easy to get your new :CRQ system, including the :CueCat reader, absolutely FREE"
Even Digital Convergence's own page [digitalconvergence.com] says "Digital:Convergence will distribute more than 10 million of its new :CueCat(TM) devices and :CRQ(TM) software free to consumers by the end of this year."
Even more interesting is who runs Digital Convergence (see link above): "The company's management team includes a roster of industry veterans from Time Warner, AT&T, GE, ING Barings and Disney."
It would seem that they're not idiots. They're just dumb
-V
Re:Um, Okay. (Score:2)
http://x64.deja.com/=dnc/[ST_rn=ps]/getdoc.xp?A
The site was not "cracked". They simply left the registration file as a plain
Re:Postal Regulations vs. EULA (Score:2)
Ahh, I see what you mean. I guess they need to put the EULA inside the microcode on the Cuecat in the next revision? ;)
Re:Postal Regulations vs. EULA (Score:2)
--
Re:How can you license a gift? (Score:2)
Funny, my mail fraud is all on paper. I haven't seen any "make money fast" schemes in PDF format.
;-)
--
Re:I call double bullshit. (Score:2)
The most important thing is that a bailment is not an absolute transfer. The bailor (in this case DC) retains title to the chattel property (CueCat).
Problem is, DC goes on to contradict its bailment agreement as follows:
1. The warranty recital.
The DC warranty disclaimer says, YOU ASSUME FULL RESPONSIBILITY FOR THE SELECTION OF THE
2. The warranty disclaimer.
The DC warranty disclaimer goes on: THE
3. Integration clause
The integration clause says, No amendment to or modification of this License will be binding unless in writing and signed by Digital:Convergence. . Hey, where's the signature?
For further entertainment, check out http://www.digitalconvergence.com/legal.html, which contains the absolutely laughable statement, The materials ("Materials") contained in Digital:Convergence Corporation ("Digital:Convergence") Web site are provided for informational purposes only. Ah, its just info, not a real contract.
Geez, these guys are fools. Bankruptcy or buyout in 12 months.
Re:What about the :Convergence :Cable??? (Score:2)
--
Re:Postal Regulations vs. EULA (Score:2)
It's not as stupid as it sounds.
The ROM and processor are on the same die,
so the ROM is readable by the processor core, but not externally.
--K
But you probably knew that already.
---
Re:take the high road. (Score:4)
A lot of companies do suck -- DC is certainly one of them -- and they often need to be reminded that they do, in fact, suck.
Everyone tries to be nice-nice. "Dear Sir, It has come to my attention that your bar code device... blah blah blah"
Just tell them they suck and be done with it.
People underestimate the power of simple, honest language. Everybody tries to throw in 10-cent words when a few, choice 5-cent words will do just fine.
Besides, I'm tired of all these companies talking at my head. "You can do this, you can do that, you can't do this, blah blah blah."
It's high time consumers -- or whomever -- just dispense with the niceities and get down to brass tacks: more and more corporations suck, period.
Corporations want to fuck us over, take our money, and move on to the next sucker, er, consumer at our expense.
That *does* suck. And the corporations that do this *do* suck. And no amount of "pretty" language (or professional) will hide this. I'm tired of being a "nice" consumer when these not-so-nice corporations want to order me around, and spit me out for dead when they feel like it.
I'm sick and tired of it.
DC sucks. And their stupid bar code reader sucks.
Licence a piece of hardware? (Score:5)
EULA for ACME Toothbrush. By opening the packaging for this toothbrush, you acknowledge that this device will only be used orally. This device may only be used to brush teeth, dentures, or anything as approved by the ADA.
Improper uses unclude:
Pets
Shoes
Computer parts
Silverware or any other dishes
Any other device where the object where the cleaning agent is not toothpaste.
Our lawyers will attack if this agreement is breached.
/dev/scanners/cuecat (Score:5)
Huh? (Score:4)
The majority of the people who use the cracks do so because Cue's software either doesn't work on their OS or because they don't want Cue to snoop on them. In either case the EULA would never be seen by the user, I can't imagine that it would be enforceable.
Tatle-tale (Score:3)
Riiightt... so, now not only can't I reverse engineer the software under thier "agreement", I have to dob in anyone I find out that is reverse engineering it?
hmmm, better stop reading slashdot, I guess MS, RIAA and the MPAA were right. You are all the spawn of Satan. Lucky the big companies are here to protect me and my children (please, won't you think of the children?).
$10 Gift Certificate - Invasion of Privacy (Score:3)
I'm not going to sell my address to those spammers for a lousy $10.
How can you license a gift? (Score:4)
They have the broad statement of (2) using the
I really hope this issue comes around and hurts them in the end. They must have spent a *huge* amount of money to get this out. They probably have 100's of thousands sitting in a warehouse somewhere, ready to be shipped. I hope they never get to ship them.
Hmm... a thought. Can I refuse their terms with an email that states that if their email server accepts the message, they accept my terms? That sounds a lot like the arbitrary acceptance conditions that they put forth.
Postal Regulations vs. EULA (Score:5)
I received a CueCat in the mail. Apparently because I am a subscriber to Wired. I did not ask for the CueCat, did not order it, did not pay for it (yes I know its free anyway). Under US Postal Regulations, this item is now mine. It is not the property of D.C., they have not loaned, lent, nor licensed it to me. They can not ask for it back, they can not tell me what to do with it. It is mine, period. If they would like to claim differently, they can take the issue up with the Post Office, not me.
Re:Abusing the good will of companies (Score:4)
Well, knock me down with a feather!
If companies are basing their business model on after-sale mechanisms, and they intend to rely on technical means to compel people to pay them money, it's obvious that somebody is going to try and get around it.
Instead of trying to use *technical* means to do this, have they considered a) contracts, and b) making the extra-cost services sufficiently compelling to justify their customers spending money? If you're going to use a lock-in strategy, why not be up-front about it like the mobile phone companies, and be prepared to offer a contract-free version at the full retail price.
Companies Don't Have Inherrent Right To Profits (Score:4)
It strikes me that whenever a company comes out with something where they intend to make their profits from after-sale mechanisms, the first thing that people want to do is to try and avoid this.
I seem to remember one of the first things I was taught in Economics class being that consumers should be assumed as rational beings that will try their best to maximize their utility (i.e. consumer happiness) by paying as little as possible for a service. In my opinion a company that fails to factor in the lessons of ECON 101 while designing a business plan deserves to fail.
People like you who complain because consumers are not going along with a corporation's plan to sell them a marked up service or product shock me. I cannot for the life of me figure out why I should spend more than an item costs after other payments are factored in for the illusion of being given something for free. Anyone remember all those free PC companies that made you sign 3 year ISP contracts? Guess that means the PCs weren't so free, huh.
Re:Abusing the good will of companies (Score:4)
As for the EULA, it's as worthless as the original. Here is the babelfish translation:
"Now that we've concluded our contract, here are some extra terms that we'd like to add."
All EULA's say exactly the same thing. If a vendor wants to enforce a EULA, it must be presented before the sale so that I can read it, and the vendor must refuse the sale to transpire without me signing the agreement; otherwise, it's all bullsh**.
Hmm - ideas, ideas... (Score:3)
If I were [theoretically of course!] to crack into a database and obtain e-mail address data, it wouldn't take much effort to then mail out everyone whose addresses I had obtained saying "We're sorry - our database got cracked. Send us your credit card details and we'll give you a $10 refund straight to your card for the inconvience!". =)
Put in a genuine looking "From:" address, and a temporarily set-up "Reply-to:" address, and wait for those CCs to come rolling in =) I'm sure there are enough people out their who would happily fall for such a scam!
Changing EULA after-the-fact? (Score:3)
Re:Abusing the good will of companies (Score:3)
New EULA (Score:3)
Well, so far I've determined that the people at Digital Convergence are pricks. Does that count?
Guess I better go notify them.
Spot the difference. Is it legal? (Score:4)
-
Except as expressly permitted in this License, you may not decompile, reverse engineer, disassemble, modify, rent, lease, loan, sublicense, distribute or create derivative works based upon the
:C.R.Q. Software in whole or part or transmit the :C.R.Q. Software over a network or from one computer to another.
Has been changed to this:-
Except as expressly permitted in this License, you may not decompile, reverse engineer, disassemble, modify, rent, lease, loan, sublicense, distribute or create derivative works based upon the
:CRQ software or :CueCat reader in whole or part or transmit the :CRQ software over a network or from one computer to another.
They clearly thought that anybody wanting to reverse engineer their scanners would have to disassemble their software, so they thought that they could prevent this with the software licence agreement. They clearly didn't realize that by using such a braindead-simple protocol, people could reverse engineer the protocol just from the hardware, so they have extended the EULA to cover reverse engineering from the CueCat itself.But how can this be legal? What you buy a piece of software, you are buying a license to use that software. When you buy ( /are given ) a piece of hardware you own it. You can do what you like with it. You have the right to sell it to someone else, and DC have no contract with that person.
This cannot be enforcable.
You greedy nerds! (Score:4)
One of the problems with capitalism and technology is that individuals often become so powerful that their influence over honest hard-working companies becomes so great that they can start to take advantage of them. This is where the federal government can step in to protect the rights of these poor companies that are just trying to mind their own business and make a buck.
People might complain that these companies need to exercise a little more judgement when they come up with their business plans, but let's face, even the most careful companies can fall victim to ruthless individuals utilizing their technology to take unfair advantage of them.
It's time people stood up for the rights of victimized corporations! Write your Congresspeople so they can pass laws to protect those poor companies who cannot protect themselves.
If we don't stand up for the big companies, who will?
Re:Licence a piece of hardware? (Score:5)
The
Excuse me?
How can you "loan" me something if you a) don't know who I am, b) don't bother to record who I am, c) don't ask for any collateral or specify any terms/conditions/length for the loan, and d) retroactively declare it was a loan?
This sort of seems to me to be equivalent of handing out money on the street one day, and then getting on television the next saying, "Oh, by the way, all those people I gave money to on the street yesterday have to pay me back when I ask for it."
How absurd.
--
Re:Spot the difference. Is it legal? (Score:3)
Pursuing the analogy further, does having a MS keyboard mean that the code I type belongs to MS now? It is my effort, my code, my computer. Even if MS wraps a license around the keyboard, they can not be allowed to extend that license to my ownership of other things. In exactly the same manner, if I use the cuecat to catalog the books I own, the books are mine. the database software is mine (or some other company's) The barcodes are on the book - they are public. The ISBN is not a proprietry system. Which part of the whole thing does cuecat own? Nothing.
That the encryption is weak or it is encrypted makes no difference. I could use it to generate pseudorandom numbers. Does it mean that CueCat owns the random numbers now?
Re:Abusing the good will of companies (Score:4)
-
it just discourages other companies from being so generous
DC is being every bit as generous as your local dealer who gives crack to kiddies to get them hooked. DC is not being generous. It is driven by the motive of making money.-
Do we really want a situation where every new technology comes out hand in hand with restrictive legislation to give the companies a chance to make a profit?
I have two imaginative thoughts.-
Sell things for what they are worth. Crazy, I know, but what if DC tried selling the scanner for what it cost them to make it? Wow!
-
Just write off the loss. Okay, hands up anyone who has ever taken a free T-shirt at a trade show, for a product that they will never, ever, buy. Should there be an EULA on the T-shirt against that? If DC were really feeling generous, they could just write off the loss of a handful of scanners to
/. geeks who want to hack around with them, and concentrate on pushing more scanners at lusers who are more likely to use their software.
DC are currently expending a lot of energy on fighting us, not on making money. This is very dumb.-
despite the fact that they sell their hardware as a loss leader and rely on the subscription charges to make any money.
Ah! DC is stupid. Tell me again, why is that my problem?Digitalconvergence.com Patent (Score:3)
As for bar codes, they really don't encode much information. The first part of the number is the company producing the product, and the last part is a unique identifier for the specific product (a green widget would have a different identifier than a red one). So really it's just a pointer or index that links into a database elsewhere. Forget any hopes of scanning your CD's and getting a song list from the barcode, unless you link it to a database that contains what you're looking for.