You're not the first person to jump in just now and advise me of this. ;)

Amok, get the hell over yourself. I see your fine contribution to this thread coming in just to attack me. That makes you quite the troll now, doesn't it. You need to piss off too.

Over here, we're talking two different types of suit: civil and criminal. On the civil side you don't usually have a case unless some harm occurs. In other words, you can't usually sue for a what-if that hasn't actually taken place. There might be exceptions to that, such as some property rights matters. Mostly you'd have to find someone willing to make a case, and given all of the Kool-Aid being slurped down over at their own forum, that doesn't seem likely. Further, they've supposedly removed the stuff in question. (Given the publicity, I wonder if this will lead to much more piracy of that particular product than if they hadn't included their anti-piracy process in the first place?)

Criminal side maybe? Really depends on what is actually going on with the installation process. It doesn't sound like there has been 100% confirmation of what happens with a pirated copy, though that analysis link from drmike implies that it could be shady. If I'm reading correctly, they're missing the steps where they actually run test.exe and base64.exe to see what happens, what data (if any) is being sent, that sort of thing. FSLabs themselves haven't come right out and said what the anti-piracy process was doing. One could infer based on their comments, but maybe incorrectly.

-----

Makes me wonder if FSLabs is taking adequate precautions on their end of things. I could see a case where someone dissects their stuff and rekajiggers it so it uses FSLabs' own process to slip some nastiness inside their network / server setup. They removed the stuff from the installer, but did they shutdown the infrastructure on their end?

Yeah, I was guessing it would be a criminal matter as I thought it was generally illegal to distribute malware. That's a particularly good point about the possibility of hijacking.

A short look at wikipedia should clarify this:

All of this, so says you...
We don't know what information the software has passed along. And just because a pirate bypasses a user agreement by pirating a game, likely means he would be expected to abide by it. Quite a bit of personal data is collected with software collected by servers including system information. They often require a full name, etc. The real question is where the line is drawn between data a software company is acceptable to take, and what constitutes "hacking". This is not a simple question, but so many of you seem to have a very one-sided view.

The legal systems in most countries will not allow a criminal to profit from harms incurred from his own crimes unless they are in excess of the crime done. In this case, seemingly the only actual harm is that enough personal information was revealed to identify him. They are not using this information to steal from his bank account nor to destroy his computer. I don't see any court that would be rewarding the pirate in this case.

This isn't the same as with Sony installing a CD root kit, since they did that with all users, making them responsible for any vulnerabilities. The only way I see this company successfully losing a lawsuit would be if legitimate customers were harmed through a 3rd party abusing the doorway the company provided.
And umbrella dictionary terms are not the same as legal statutes. Just because you can find a broad definition that makes you think a thing is "malware" does not equate to the precise legal wording and precedents of legal statutes. This is why browser adware hijackers are still in business. It's malware for sure, but seemingly not considered illegal because of their claims that the user read their legal agreement and some people may want to see ads.

How many pieces of software require one to use their own name and e-mail and log one's IP to check against for future logins? Is that "hacking"? Or "computer misuse"? And if this is the totality of information passed back to the server and the legal agreement which the pirate willingly bypassed authorizes this information, the pirate is going to be SOL.

There is difference between stopping a game from working and turning a keylogger on by a mistake, the first is just bad PR while the latter is outright criminal negligence.

I think I saw someone in the Reddit thread to hypothesize a scenario where the developers servers were hacked and all the legit keys were flagged as pirated so that they can start to collect data from the legit users. This is some Sony rootkit level of ignorance on developers part to even fantasize about implementing this kind of "DRM" let alone actually doing it and thinking that once it gets noticed they can just blame piracy and get away with it.

That's kind of what I'm thinking: unless some harm has been shown, or it's proven that the company is doing something further illegal with whatever info is obtained, a court isn't likely to do much about it. But you never know until it's tried.

The Court of Public Opinion sounds willing to make a decision. Not sure it will really matter, for a couple reasons:

- very specialized software, in part because of the genre (hard-core flight sim) and in part because of the pricetag. $140 for an add-on knocks out most of the game-buying marketplace.
- those willing to pay that price sound quite loyal to the company, and seem to think - for the most part - that the issue is no big deal. I'm basing that on reading the relevant thread over at their place. The few customers who are raising concerns have generally been shot down.

-------

FSLabs have stated that so long as your serial number doesn't match a list of known pirated copies, you're good to go. But what if someone takes a look at the installer and decides to manually run (or mistakenly runs) one or both of the .exes in question? The name "test.exe" could lead one to think it's a program to test whether your system is up to spec for the mod, and "base64.exe" could have someone thinking they need to run it since they have a 64-bit OS. They claim it can't hurt those with good serial numbers, but is that really true? The installation process might not be able to cause a problem, but they did put software on the machine in the form of plain executables that ~might~ (allegedly) do some shady stuff.

For customers' sake, I'm glad they decided to yank it. Hopefully this will be a lesson learned the easy way: before anything bad happened.

You're right - from a moral point of view. But this is still all hypothetical and no court will sentence the developer because someone theoretically could hack their servers.

The user agreement got nothing to do with it. We're talking about a hidden software that only becomes active on pirated versions.

You're right, there are very thin lines sometimes. And because of this there are data protection laws in every country. Over here, in Europe, we'll get a new one in May. For analytic tools (for example) it's been forbidden for a long time already to collect any data that could identify you personally. The new law now includes MAC and IP adresses as "identifying data".

Breaking into someones computer and getting his data without his consent definitely IS hacking. We all know that laws can be complicated, but... seriosuly: It's not that hard in this specific case. We're not talking about a toolbar with a user agreement, that installed itself with another software because you didn't tick a checkbox (should be illegal, but it isn't). We're talking about a hidden software that calls home and collects identifying data.

The legal system in most countries will not allow a company to break the law to go after people who broke the law.

Again: You're right, laws can be complicated sometimes. But you can be absolutely sure that whatever the exact legal definition for malware and/or hacking is: something that is secretly installed on your system, collects your data and sends it to someone else, definitely qualifies as "malicious software" or "hacking". Otherwise the law would be useless.

That's according to the devs and they would have to prove as well that the software is unable to cause harm to any legit user as well. Also the right of privacy (at least here in Germany) is part of the constitution and is regarded very, very high - probably higher than any copyright infringement. I really doubt a court will dismiss this just because it might be possible to catch some pirates with this method. As you said we are no lawyers here and I don't want pretend to be one but in my line of work I have to do with those rights every day so at least I know how important they are considered for the lawyers.

Somehow they did it.

They made playing a Ubisoft game, on Steam, with Denuvo DRM, and a Uplay account requirement, sound much more appealing and preferable than this tactic :P

And it won't even run down your battery.

deleted

What isn't hypothetical is the fact that they have now admitted having added a keylogger in their product that can collect data without consent from computers that they can't in any way prove beforehand to be only used by the suspected pirates, so they are in essence gathering a database of personal information that they have no justification in any reasonable point of view to have.

Whatever charges the developers should be facing, the possession of an unlawful database and the risk of it being leaked is just an added detail, but I would argue that the courts should also take a hard look on the level of security the developers have on their servers and if any blatant neglience is found, that should affect on how hard the sentencing goes.

Wow, the dev is in violation of section 2 of Microsoft Flight Simulator X EULA. You know, the part that says you can't use their software to gain unauthorised access to user accounts and interfere with user enjoyment of Microsoft software.

I'm just gonna go ahead and forward this to Microsoft's legal department. Have fun devs!