
Legitimate concern. Was there similar DRM in the Concorde?



James Burke

I'm sorry to have to ask this here, but it has been bothering me because...

Shortly after I bought the FSLabs Concorde, my credit card started experiencing fraudulent usage originating in the UK. I live in Japan and have never been to the UK so... I also didn't make any purchases elsewhere, but the fraudulent charges started showing up about a week after I bought the Concorde.

 

With the news of the DRM debacle spreading around the gaming world like wildfire, I'd like to know if my data has been compromised because of this purchase or what.

 

I also own the A320 but it was a gift from my girlfriend who used her own credit card to buy it. I am concerned for her privacy data as well, and she is far less computer-literate than I am so...

 

Could I get a response regarding this please?

Link to post
Norman Blackburn

James,

I know it's very easy to add dots etc. to try and make things fit with your fears, but the bottom line is we don't have - and never have had - access to user credit card details. This is all handled by eSellerate.

To answer your specific query, no. Only the 320x as we have stated.

Link to post
Milan Assuied

Guys stop calling it a DRM.

 

A DRM is something that prevents you from using software if your licence is not verified. GOG games have no DRM, I can email the installer to anyone and the game will work. Steam games have DRM.

 

What we are talking about is an ILLEGAL MALWARE. Not a DRM.

 

Quote

I also own the A320 but it was a gift from my girlfriend who used her own credit card to buy it. I am concerned for her privacy data as well, and she is far less computer-literate than I am so...

 

If you are storing your bank credentials in Chrome then it's a possibility. Only your data would have been at risk, not your girlfriend's.

Link to post
John Barnes

Milan. I am so sorry. I better put my glasses on next time I am reading the forum. I could have sworn I saw the name Milan Assured.

Really sorry fella. It's been a stressful few days. Just ignore me.

Link to post
Kyprianos Biris

I am really astounded by the volume of reaction FSLabs got on this issue while at the same time piracy is deemed as something for granted.

The whole issue is around a malware that was supposed to phish data from pirates and pirates only.

I am not saying it was right but let me explain my thoughts.

What troubles me is that while a company tried to find out who was illegally circulating their product, the company got most of the blame for the phishing method and not the pirates (in general) for the illegal action.

I, as a loyal customer, want the company to stay in profit and keep producing their products for the future. If the piracy thing goes forever they may as well give up and stop producing their great products in the future.

I, as a loyal customer, would be more angry with other members of the community stealing what I have paid for rather than the company for the method it used to phish the identity of the thief.

Let me give you an example of a similar hypothetical example:

Let's say I park my car on the street and burglars come often to (try to) steal it. Installing a camera and recording the image with camera view in a public space is illegal and can't be used in legal cases in most countries (there may be some exceptions in some countries like for example if there is a notice sign of recording cameras being in operation etc.)

Then the thief steals my car. I use the camera archive to identify him. I may not be able to submit this in a court since it's not legal, but now I know who the thief is. With this data in hand I can point the authorities to where to look for my car and connect the physical person to the illegal act. I give them the information, they find the car with the thief driving it and the thief is arrested and prosecuted.

Now what is happening here is that the community blames me for installing a camera recording public view towards the street (being illegal) and raises no issue about the thief who stole my car or the basic principle of car thefts in general.

Without knowing how FSLabs would use the data from the malware which would act only on pirate activity and not loyal customers (according to their statement, which I believe), I hereby attest that, yes, I am happy they did it and I would do the same for my business if it was my business that people were robbing me from. By observing this company's ethos all the past years there is nothing to make me believe they would use malware in a way that could harm its loyal paying customers.

So this is what astounds me; the lack of trust in this company on the issue. Lack of trust in that they could use private data from customers to harm them intentionally or unintentionally. Such is the reaction by (Internet posting) people I observed the recent days that it is clear by now, at least for me, that the majority of these people are the very users who would use pirated copies.

Sigh.

I remember in 2017 I had some issues with FSLabs' Concorde where live internet connection was needed for eSellerate.net to do random checks on the validity of my product license. Something had gone wrong (not on my side) and I would fail the validation on the background check and my simulator would shut down. Initially I complained as a bad service because this random check in background was not posted somewhere as a notice to customer. I soon understood why this was happening. Online validation with random online check in the background was (is) a way to fight piracy. While it annoyed me when it happened because the problem was not on my end, I understood why this was taking place. From my next session it did not happen again, ever. I concluded that I would not complain further and I was happy the company was making some random checks against piracy even if this would ruin my session when, for example, there would be a coincidence of internet communication issue along with the date and time of my random validation check (once every few months).

  • Like 3
Link to post
James Burke

Kyprianos, I understand how you feel about FSLabs dealing with piracy, but the fact is they broke the laws of pretty much every country they're doing business in. It's not only a matter of forgiving them for heavy handed piracy control, it's a matter of laws were broken and this is a very serious problem. Even if we forgive FSLabs the legal consequences of this are going to be huge. Personally, I am willing to forgive FSLabs, but I am still disappointed.


I am very saddened. I hope my data is OK. My trust has been breached, I have been assured by FSLabs that my data is safe, but they didn't tell me that this software was going to be put on my PC (I also own the A320). I am willing to forgive, but they still broke the law, and this wasn't a case of jaywalking.

Link to post
Ray Proudfoot

@James Burke, please explain how FSL should protect their property. It's all well and good saying what they did was illegal but if there is an alternative legal way of protecting their property I'd love to hear it.

  • Like 1
Link to post
Kyprianos Biris
1 minute ago, Ray Proudfoot said:

but if there is an alternative legal way of protecting their property I'd love to hear it

Me too.

Link to post
James Burke

I don't know - I am not a DRM expert. One of my favorite simulators, Steel Beasts, uses a CodeMeter USB dongle which has been very effective for them. The price point for their software is similar to the A320 for P3D.

At this point it's a moot issue. Very serious laws have already been broken here, it's not just an issue of consumer trust anymore. You cannot package password loggers with legitimate software to consumers, it's extremely illegal and the severity of the crime (From a legal perspective) is worse than the act of piracy itself. Even if it was meant to combat piracy, it still violated the law.

 

I'm really dismayed that it has come to this. FSLabs was doing so well and to have everything undone is a huge shame. I worry about the future of the FSL Concorde, the future of the FSL, and the future of my personal data. Keylogging/password sniffing software was nowhere in the EULA.

Link to post
Ray Proudfoot

You're being a bit of a drama queen James. Phrases like "very serious laws have been broken" and "extremely illegal" are more emotional than logical. More serious than murder, theft or rape? I doubt it. And none of your data was compromised because you have a valid licence.

Given the software in question has now been removed and refunds offered to those who requested them I would hope that is the end of the matter. I have no concerns about the future of FSL. Even this morning over on AvSim someone posted they had bought the A320 and others were agreeing it's a great product. They'll get over this unfortunate blip.

Going back to protection options the dongle is certainly one that has been used but I'm sure FSL will have considered and rejected that for various reasons. The 'phone home' option that Kyp mentioned with Concorde seems a decent compromise. Every x days the software will attempt to communicate with the servers to validate the licence against a database of valid ones. If a match is made all well and good. The user won't even be aware a check has been made.

If a link can't be established then a maximum of 3 tries will be attempted over 24-48 hours. Failure to validate will result in the sim closing down. I don't see a problem with that.

Theft (not piracy) is a serious crime. I don't see much condemnation for the thieves on these pages, just criticism for those trying to protect their product. I think we need to cut FSL some slack here. They've acknowledged they did something they shouldn't have and changed it. That really should be the end of the matter.

 

  • Like 2
Link to post
Marlon Carter

Everyone seems to pick and choose when they break the law and when they don't. Have you ever gone over the speed limit while driving? You broke the law. Have you tried to conceal information to avoid taxes or fees? You broke the law. Have you ever cursed in public? In some countries, you broke the law. Everyone needs to realize that we all make mistakes and we ourselves at times do things contrary to the law. I'm not making an excuse for FSL, but I'm pointing to the fact that these things happen and we don't always make the best choices in a given moment. It's just that in this case, the publicity is greater.

  • Like 1
Link to post
James Burke

Sorry Ray, but I'm about as far from a drama queen as a person can get.

I am fortunate enough that having a few hundred $ stolen from me (As happened after my FSLabs purchase) is not a big deal. I am not saying FSLabs was connected with this, but the timing was bad, and I am not the only person who had this happen.

But... in Japanese law, (I live in Tokyo) FSLabs would face a minimum of 3 years jailtime plus a fine of up to 1,000,000 yen or $10,000 for including password logging software with their legitimate product, which was not included in the EULA.

It's not MY decision as a consumer - if it were, I'd give them a free pass and a big kick in the a$$ for being stupid enough to include a keylogger with legit software. People have been contacting Europol and the FBI about this issue. It's not drama, cybercrime laws have been broken and it's a big deal. I've known Lefteris since I was 12 - going on 20 years now, and I know the struggles he faces with piracy and such. But we are talking about Google passwords and personal data here, not just product functionality.

I have no desire to seek a refund. As I have said, I like FSLabs' products and I like FSLabs as a company. But that doesn't mean anything - laws have been broken and not everyone is as forgiving as you and I.

 

I do think that FSLabs should have adopted a USB dongle solution or something similar instead of resorting to this secret password software. I'm just so sad that this is going on as FSLabs is probably in my top 3 software developers of all time. I really wish they hadn't done this.

 

What about people who have installed FSLabs products on public / semi public computers? If the computer contained a pirated product, is the owner of the PC then subject to personal data collection because someone else using the PC decided to pirate a product on the same PC? It's a slippery slope and I just wish that FSLabs hadn't started down it.

Link to post
Ray Proudfoot

James,

Okay, I withdraw my comment but your post did come over as someone reacting more from emotion than logic. It's a pity you lost that money but surely your credit card company should have reimbursed you.

The fact that the illegal software was withdrawn so quickly will I hope bring an end to the matter.

What is "something similar" to a dongle? The fact you can't give an example suggests the problem stopping theft is more difficult than we imagine. What is done is done and hopefully the fact FSL have now stopped distributing the software should be an end to the matter. I don't have anything else to say on this. The better it all calms down the best for all involved.

Link to post
James Burke

Ray,

The maker of Steel Beasts uses a hardware dongle by CodeMeter (No similar or anything of the like - it is a CodeMeter USB dongle). It has a special DRM algorithm that makes an online call to the DRM server to make sure the license is valid. There is some leeway in cases of offline players but I have never needed to verify how that particular system works. But it is there for those of us who need to use the software out in Iraq or Africa or wherever, where there's no stable internet access.

 

I think that our particular community would reject dongles, but I also think it's probably the best solution to piracy. CM has never been broken, neither has the recent iteration of StarForce. Either one would have represented less of a PR blow than what's happened so far. I agree that as far as consumers are concerned, the matter is basically settled, but legally speaking the authorities are obliged to act on this. It's not a matter of trust where the shopkeeper can just say "Aw, he's learned his lesson, let 'im go". Deliberate mass distribution of a malware agent has occurred here and whether or not we forgive FSLabs, bad things are going to happen.

 

I am really saddened by all this. I hope FSLabs will atone to the community. If FSLabs goes out of business because of this I do hope they'll forfeit the IP rights and release the source code for their old software. I am not trying to be a vulture here but as a pragmatist I don't see how they're going to weather this storm. This has got to be one of the severe tech scandals in recent memory.

Link to post
Marlon Carter

I think the reality of the world we live in is that there is no "nice" or ethical approach to catching criminals. The criminals have guns and this means the police also need guns. Either way both sides are walking on a thin ethical line but with obviously very different intents. I would honestly love to hear a foolproof solution to this that doesn't cross any ethical lines.

Link to post
Ray Proudfoot

@James Burke, Dongles, whilst a secure solution, are not practical when you're distributing your software all around the world. Paying for the software then unable to use it until the postman delivered the dongle would drive people mad.

In respect of your other views I think it best to leave that for the relevant parties whoever they might be. No-one has died so a sense of proportion is needed. The whole community would lose out were a severe punishment to be handed out not forgetting the livelihoods of FSL themselves who have contributed so much to our enjoyment of flight simulation.

Out of curiosity what is the punishment for software pirates or to give them the proper name - thieves?

Link to post
James Burke

Ray,

Steel Beasts has achieved a global distribution with their method, but I think they are even more of a niche developer than FSLabs, so I agree that dongles like they have adopted are not a realistic solution for FSLabs. I admit that I don't know what would work for FSLabs, but I definitely believe that what FSLabs has done to this point is not an acceptable solution.

 

As far as relevant parties is concerned, I'm afraid the Japanese prosecution teams are already moving on FSLabs from the info that I have, and while it'll be a while before FSLabs has to deal with it, there are going to be consequences for this. Japanese consumers are notoriously unforgiving of this kind of thing and the legal system is even less forgiving.

 

Again, no need to preach to the choir - if it were up to me I'd give them a pass and a kick in the @$$. You can't deny this was stupid. But they went too far here, even a layman can see they've violated criminal law with the inclusion of this software. And that upsets me because FSLabs has been one of the quality developers for the hobby I spend the most time and money on. I've even used this hobby to create an industry in my country to train pilots. This kind of incident really hurts and depresses me.

Link to post
Ray Proudfoot

James, fingers crossed this ends up with FSL still able to produce quality software. It would be a disgrace if they were fatally damaged but the criminals who steal their software could carry on with impunity.

Link to post
Romain Roux

Hi,

Personally I got over that issue with FSL. I have expressed my feelings on that forum about the method used by FSL and after they expressed apology and removed the incriminated file from their installer, I agreed to give a second chance to FSL.

So I have no more emotion in the discussion now.
However, I would like just to comment posts from Ray and Kyprianos.

First to Kyprianos, I agree that FSL took much more attacks than the pirates on the forum. My opinion on this is that no one will ever support the pirates and most likely it is a well known and well agreed fact. But I guess what shocked people here and therefore led FSL to get the most blame is that their method was likely to be illegal or at least highly unethical and in most people's minds close to pirates' way of doing. Coming from a respected company, it brought a lot of emotion especially because the tool was extracted on users' computer even before their copies could be verified (hence some feeling considered as suspected at the first sight).

Now, to Ray, I'm not a software developer nor IT engineer, but couldn't it be possible to simply block the use of the software to reference hacked copies? No one expressed any concern with the serial verification both during the installation nor to attend the support forum.

The investigation part with the collection of private data should be left to the official authorities. That part was basically what got people freaking out. Though I'm willing to believe Lefteris that it proved having some results in identifying illegal distribution website and pirate identity, the issue is that how would you control the extent of the investigation done by a private company? Once again I believe FSL to be fundamentally honest and sincere in their statement that they would never expose legitimate copies owners nor retrieve their personal data, it still remains that they are not legally entitled to do so and that a less considerate company or even personnel inside the company could push the investigation too far with barely no control whatsoever until the excess would be found. The question is what a private company may be allowed to do compared to authorities.

 

 

  • Like 2
Link to post
Ray Proudfoot
14 minutes ago, Romain Roux said:

Now, to Ray, I'm not a software developer nor IT engineer, but couldn't it be possible to simply block the use of the software to reference hacked copies? No one expressed any concern with the serial verification both during the installation nor to attend the support forum.

That was the method used for Concorde I believe. It would “call home” at random times to check the key was a valid one. No one seemed to have a problem with that.  If no match was found or there was no internet connection you got a message and shortly after that FSX was terminated. However, you could restart it and continue using Concorde until the next check whenever that was.

I fly Concorde an awful lot and I’ve not seen any warning message about an invalid key ever since I switched from a beta version (used during testing) to a version released to customers.

There may have been reasons why FSL didn’t continue with that process but unless they jump in I doubt we’ll find out. I think they have enough on their plates at the moment.

Link to post
Milan Assuied
8 hours ago, Ray Proudfoot said:

@James Burke, please explain how FSL should protect their property. It's all well and good saying what they did was illegal but if there is an alternative legal way of protecting their property I'd love to hear it.

Actually there are plenty, some are more efficient than others but in all cases they must be legal and non intrusive, and shall not put personal information at risk which is not only illegal but also irresponsible since anyone could be victim of third party attack from this loophole.

As far as I know pirating FSL products is especially complex, following this affair I made a small tour and I could not find a single working version. PMDG is far more pirated and they are still making a huge bunch of money.

So in order to catch a very few number of pirates who would not have bought the product anyway, FSL is putting its whole business at risk. Pretty sure the simple refund campaign already cost more than all the past years piracy. Theft has always been a part of any business issues, companies address it differently: Costco provides big salary and good social advantage to prevent their employees from stealing, and it works. For software, affordable prices (movies/series: Netflix & co, music: Spotify & co, games: Steam promotions, bundles) have proven to be MUCH MORE efficient than any anti piracy protection so far.

 

Since considering what I will do about the Concorde. I am expecting it a lot, but if it happens now ... I don't know. It's starting to be a bit heavy, first there's the PMDG MD11 precedence, then there's the "accidental" use of copyrighted textures from a competitor for the 320 (so lol for the anti piracy stance), and now this .... I think some people here should really start thinking about their value and personal morale, or maybe take more responsible actions, in order to regain trust.

 

At least I did not ask for a refund, for now.

Link to post
Ray Proudfoot

Milan,

Interesting points. As I see it there are three options to protect a product:-

1) A physical dongle which allows the software to function.

2) A "call home" feature such as that used in Concorde.

3) Install checking software similar to test.exe but with a notice warning what it involves. It should only extract information that identifies the owner and proves they have an illegal copy of the software and no more.

1 is difficult when selling around the world. Too long for customers to receive the dongle and it could go missing. Who pays for a replacement?

2 is feasible, costs little and should be able to prove if an install is legal or not. But it wouldn't be able to identify the culprit. Just prevent them using it.

3 offers the most protection and if declared up front would be legal. But sales could slump if people refused to sign up.

There is another option that you alluded to. Just accept software gets pirated and providing sales are healthy turn a blind eye. I have a friend who has sold one of the best utility programs for FS and I'm sure he just accepts there is a degree of piracy. It remains an excellent seller.

I very much hope the events of the last few days don't affect a 64-bit version of Concorde. That would be extremely sad. Time will tell.

  • Like 1
Link to post
Milan Assuied
5 hours ago, Ray Proudfoot said:

3) Install checking software similar to test.exe but with a notice warning what it involves. It should only extract information that identifies the owner and proves they have an illegal copy of the software and no more.

It's not. Test.exe is not an install checking software, it's a malware.

You have to understand that this way of doing things protects from nothing because it is illegal. It:

  • Prevents you from suing any eventual "catch" since any proofs you may obtain would be illegally obtained and as such not receivable in any justice court. Tbh, I can't believe that anyone would think, even for 1 single second, that this would be receivable
  • Exposes you as a business to legal pursuits in many places in the world
  • Exposes your customers to a piracy risk

So basically, you're putting pirates out of legal risk with putting yourself at legal risk and at risk of losing your customers. Definitely not an option.
And no you cannot declare it "upfront", because it is illegal to ask people to renounce rights that the law grants them, it's called an abusive clause (EULAs are full of them, some regularly got kicked in courts). And it's often illegal for people to renounce them by themselves, voluntarily. That's how law works.

Oh and finally, just so you know, two years ago I bought the 747 from PSI (PSX). It came packaged into a jar file, on a CD-ROM. I dumped the CD-ROM on my Dropbox, for personal protection (we're talking about a 450 US$ product here).

I, or anyone for that matter, could just upload the jar file somewhere and anyone could use it. Guess what ? Try to find it. It's nowhere to be seen.

There's no need to go such lengths to fight piracy, it's not necessary, and it's dangerous.

Link to post
John Barnes

Your points are accepted but your information is slightly incorrect. PSX is easily available through illicit means. I personally dissolved a friendship with somebody who pirated the very mentioned software. This is in no way meant as a form of defence but just a pointer that information can be incorrect at times.

Link to post
Jonathan Fong
2 hours ago, John Barnes said:

Your points are accepted but your information is slightly incorrect. PSX is easily available through illicit means. I personally dissolved a friendship with somebody who pirated the very mentioned software. This is in no way meant as a form of defence but just a pointer that information can be incorrect at times.

I think his point was that he could have easily uploaded his own copy of PSX online for the internet to go wild with, but didn't.

Link to post
Milan Assuied

Well, I may not have looked hard enough because I was already owning the soft and just checking, but it seems you have better sources than mine ;)

 

Quote

I think his point was that he could have easily uploaded his own copy of PSX online for the internet to go wild with, but didn't.

And it seems that a very few number of people did

Link to post
Magnus Meese

This business made it to several of my own tiny country's IT news outlets, for crying out loud, none of which ever cover flightsim stuff. If there are no legal repercussions in the aftermath of this, I'd be truly surprised. 

I'm not surprised that several customers stand up for FSLabs, presumably due to a bias created by a love for their products (which I also share) and/or a misunderstanding of how serious shipping malware to customers truly is, no matter the intended use, but I seriously suggest they should stop and consider just how OK they honestly think it is. It amazes me that this idea actually was put in motion without anyone on the team stopping it, and I hope the company have gained some understanding and respect for laws, privacy and security. I hope to see a matured FSLabs continue to develop and publish with the quality and passion they have been for years, without continuation of these shortsighted decisions. To see a revisited Concorde would be absolutely brilliant, but not at any cost.

On 2/22/2018 at 12:56 PM, Marlon Carter said:

I think the reality of the world we live in is that there is no "nice" or ethical approach to catching criminals. The criminals have guns and this means the police also need guns.

Officers in my country don't carry firearms. UK officers don't carry firearms either. Food for thought. 

 

Edit: As I learn more about this, the bad taste in my mouth only gets worse. Continued use and future purchases don't feel like the best idea.

Link to post
Marlon Carter
On 2/24/2018 at 10:39 PM, Magnus Meese said:

 

Officers in my country don't carry firearms. UK officers don't carry firearms either. Food for thought. 

 

Edit: As I learn more about this, the bad taste in my mouth only gets worse. Continued use and future purchases don't feel like the best idea.

That may be true in some cases but if a criminal has a deadly weapon, a law enforcement division who also has a weapon will be called in eventually. Ultimately, as much as we might not like to think so, there is a thin ethical line in fighting crime. At times we are only aware of the things we see or have been told, but there may be a lot we don’t see being done to fight crime that can easily be questionable.

I don’t condone what was done, but when the lines are thin we can inadvertently cross the line in many situations in life. The good thing in this case is that the error was recognized and rectified.

Link to post
Brandon Garcia

I had X-Plane 8, and instead of inserting the DVD #1 disc to verify that I had a legitimate copy I had the option of buying a USB thumb drive from X-Plane that contained the encryption key. I think it was called an encryption key. Anyway the file size of what was on the thumb drive was extremely small. Simply plug the USB thumb drive into a USB port that isn't utilized anyway and you're in business. How many of us have all of our USB ports occupied?

Speaking of file size on USB thumb drives, I purchased a product from REX some years ago with several GBs on it, and it came on a USB thumb drive. How many simmers have a REX product?

So as a potential solution, meld together what X-Plane and REX did.

As for what FSLabs did with implementing malware, I do not know of a single class in an IT or Computer Information Science ethics class that anyone would take at a university whereby the professor (trained and holds certifications in cyber crime) of such a class would not flunk the student on an assignment if the student came up with an idea like FSLabs. Back when I went to university we had to take more than one ethics class, one was IT Ethics in a Global World. It boils down to one short sentence that we were taught: Two wrongs NEVER make a right.

Two originating posts of mine asking about my product and if it is affected were deleted from this forum. I am a verified owner of an FSLabs product...Does anyone seriously think that I will ever purchase anything from FSLabs again? Maybe I will consider it when pigs fly under their own power at Mach 2.

Brandon

Link to post