Spy email and privacy

Suppose I write code in my application so that it automatically sends an email to me at a specific date or after a criteira is met. This email will contain information about my product such as : times used, days used, actions performed, preferences selected etc. If the user is not connected to the Internet, the mail will not be sent immediately but the application will retry after a cetrtain time elapses. Also, the user of the computer will not know anything about this. He will not see any mail application opening or running and he will not get a sent mail report or he wont see the mail itself in the Sent Box.

Is this legal ?

It will give me information only about my application's status for I can keep some statistics. It will also inform me the mail address of the user since I will see it when I get the mail.

If there is no problem with this, how about if I also gather information about user's computer to get a profile of him.
You know one can get lots of data, but this seems to me a privacy interference (abuse, intrusion, whatever the correct term for that). But the first alternative seems more innocent.

Does anyone has any idea how this can legally be interpreted.

A few years back, there was some game that did a similar thing and people got all up in arms about it..
you might make it like winamp where it asks you if you want it to send the info or not..

This is extremely morally wrong, unless the user knows about it in detail, and agrees to do it.
You should prompt the user (upon installation maybe?) to determine if they wish to agree to it.
Make sure to explain in detail what the process does, what information it takes, and for what reasons.
Intel<S>®</S> got hounded just for serial numbers, and Microsoft<S>®</S> is getting strong criticism over its latest OS in the works (Windows XP<S>®</S>).

-cl

I exactly think that this is morally the worst thing.
But in fact and ironically, what I am trying to do is to pinpoint morally wrong users !!!

I will check if my application is being used illegally and get a report on it. The application will calculate it's ans some supporting file's checksum and send me a mail so I can check if the file has been tampered.

Of course a hacker can easily change my code and prevent mailing very easily but this operation will be so deep down that 75% of them would not find out at a first glance. They will just change the code to bypass evaluation of the licence info(such as a registration code), in this case a mail will be sent to me days later so the hacker will be displeased a bit, I am trying to do his life a bit harder, you know. And I also want to check if some user changes the resources in the exe or extracts any resource to use somewhere else (I can detect this using another method). Or to check wether he fiddled with any supporting files etc.

Anyway I think I will keep away from such a thing.
What is the issue with Microsoft XP? I do not know of it.

Windows XP<S>®</S> will be using hardware indentification to prevent software piracy.
It's all over technology news sites online.
Too bad for Microsoft<S>®</S> though... their "security" has already been overridden.

Good Luck
-cl

I see. I check XP news rarely for the time being. Thank you.

What you might do is perform your checks, and then if it detects a problem, set a flag. Whenever you get a chance to go on the internet, send your report but at the same time, display a prominent window informing the user of what you are doing and why. This *may* alleviate some of the criticism because at least you aren't being sneaky about calling home....



"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

Seems a good idea to me.
If I get you right you mean send the message then inform the user. Right. Otherwise if I ask user's permission to send mail he would probably reject it.

There is another method. If I add an update checking ability to my application I can place files in a ftp site. From there the application can download files it will run. Such as an exe which checks the checksum (remember we talked about it), reports the error to the web site submitting a document to the web site (or just sending a mail) then quits. My main app will delete it. This may not morally OK again but who can nail me down. There is no trace of what happened. Unless the computer hangs before the little culprit exe gets deleted.

After all, reporting an illegal status does not sound to me as immoral or illegal unless I gather information from the user's computer. The only info I gather (and this is unintentionally) is his email which I can get rid of, you know.

I just want to be kind to my client (user) while trying to repel hackers.

You might check out <a href="http://grc.com/downloaders.htm"> THIS LINK </a> for some stories, comments and examples about other programs that were "spyware".



"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

While your intentions appear to be honorable, and who among
developers doesn't hate hackers and pirates, what you want to do would
still be seen as an invasion of privacy in the USA. Possibly even illegal
without the user's consent.

The ends, no matter how noble, can never justify the means.

I think therefore I am... sometimes right. images/icons/wink.gif

This is a bit off topic, but that line:
"The ends justify the means"
is one of my buttons. I always hear it quoted out of context.

When Machievelli wrote "The Prince", he intended it to persuade Prince Lorenzo to unify Italy. At the time, Italy was a patchwork of warring city states and Machievelli felt that a strong man was required to unify them by diplomacy, trickery or force. It was THIS SPECIFIC END (unification of Italy) which justified a SPECIFIC means. In later years, people came to quote it as saying that ANY ENDS justify ANY MEANS, which is ludicrous.

As a reaction to the above, nowadays people say that NO ENDS justify ANY MEANS, which is equally false. After all, if I want to retire comfortably (the ends), then it justifies the sacrifice of hard work (the means). But it does NOT justify robbing a bank. Therefore, SOME ENDS justify SOME MEANS.

As I said, a bit off topic.....images/icons/wink.gif

"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

Ok, I will take the philosophical bait.
<blockquote><font class="small">In reply to:</font><hr>


After all, if I want to retire comfortably (the ends), then it justifies the sacrifice of hard work (the means).


<hr></blockquote>
Even in this case, the ends don't justify the means. There is nothing
about wanting to retire comfortably that makes the sacrifice of hard work
any more or less just. The thing that would make it more or less just
would be a measure of the sacrifice. For instance, did my family suffer
because I spent all my time working, or did I damage my health and
shorten my lifespan so that the end of it would be more comfortable.
Or, did I cut out time wasted in front of the TV and turn it into value.
These are examples of the things that affect the justness of the means.



I think therefore I am... sometimes right. images/icons/wink.gif

I grant your point that it is debatable, but that is my point as well.

A blanket statement like "The Ends justify the means" is as false, depending on the circumstances, as "No Ends Justify the means". Again, it all depends on what ends, what means, and how you measure it all.

Machievelli was not (IMHO) stating a "fact", it was simply a way of summing up his previous points in his essay in order to convince Lorenzo to seek power.



"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

To be honest, I was not even aware that "The ends justify the means"
was a quote of Machievelli, and not just a modern day excuse to do
anything because, "we mean well." I guess I need to get away from
the computer and read more.

I guess the point I was making has to do more with understanding
direct cause and effect. Superstition is a direct result of people
connecting two unrelated ideas or events and giving them a cause and
effect relationship. When you can find the true effect for any cause then
I will grant that the effect can justify the cause.

I think therefore I am... sometimes right. images/icons/wink.gif

For some reason, it makes me grin to see a thread that is 95% posts by moderators and administrators.

As for the issue under debate, I'd be mad if someone sent out a mail from my computer without my knowledge. But I'm also a paranoid ***. I've had an ulcer ever since my firewall started going nuts with all these <font color=red>CodeRed</font color=red> http port probes. The thought of someone doing something "under the rug" on me just gets my ire all up.

However, I don't really have a good suggestion for your alternatives. Sorry....

-<font color=purple>The Hand</font color=purple>

<font color=green>"On a long enough timeline, everyone's life expectancy drops to zero."</font color=green> - Fight Club

If I were you, I'd go ahead and put that feature into your program, but upon installation, display a REALLY long, legal license. Nobody reads those. So, the user clicks "I agree", signifiying that they agree to let you spy on their computer.

If they find out that the program is sending secret e-mails, they can't take the case to court because THEY are the ones who broke the law....your program is allowed to do anything if the user gives it permission first.

Jacob Sheehy
http://www.sheehy.ca

The more I C, the less I see.

Thanks so far for the philosopy and your thoughts.

I had used some cracked programs without any commercial, professional or intensive manner. Anyway I did not feel very good about this but I was justifying myself as I wanted to know what a program does etc. And the cracks I used were the evaluation versions which could be only downloaded once I submit personal information through an email form in a web page. Ironically, I am talking about something which I would hate to be exposed to. Anyway, generally I was not approving of using illegal software.

After I got into programming I turn out to be more concerned and understood the poor programmer's feelings much better.
A paradigm shift.

The reason I brough up the subject is not just for myown legal protection but I also do not wish to feel morally bad and frustrated.

And orufet, I think your suggestion will not be a correct approach. There are two points in this.
First I do not want to make ennemies out of my customers who are a valued potential customer for my next businesses. I even prefer to let the users use my program a couple of times more after the 30 day evaluation expires. So somebody which forget about it over this period would have a couple of chances to evaluate or use it. I do not publish a crippleware, always fully working trialwares with 30 days eval. period. I never show up a nag screen etc.
Secondly, in some countries (I am not sure about United States), even if you get a signed agreement, (let alone the long and boring setup screen EULA), it will not save you in the court if it includes statements which are against laws, common sense or if deceiving. Nowadays nobody can get and sell big companies domain names. Or nobody would win a case if the agreement is against human rights or involves in racial discrimination.

As I can do whatever with my software, in case of an illegal use detection I can think of rendering the application useless deleting some resources that will be only used by the application, such as some internally used databases, pictures, etc. But not deleting any files produced by the application. The user's life (business) may depend on it.

The best alternative seems that one right now. Another morally and legally clean approach would be showing a message to the user that this software is illegal and prompting them if they would like the application to report the situation to the vendor. Also what the message will contain should also be clearly stated. And that no claim will be raised
against them due to that message but that they should either register now or uninstall the application.

...and... he will laugh at me :)
Life is crude.

I had seen some advice on a web site. It goes like this :
Just implement a fair protection, maybe with a third party utility. Concentrate in developing the application not protecting it.Otherwise you will end up spending most of your time with paranoid efforts. Maybe you could get a good protection; but a protection for a software nobody would buy because of its poor quality. And one day you may very probably see that it is hacked.. and you will be very sorry.

I hate to say it. I really do. But forget about it.

<BLOCKQUOTE>"What can be created can be changed. What can be changed can be destroyed."</BLOCKQUOTE>

And by all means this certainly applies to source code.
At one point people thought that Windows XP<S>®</S> would never be cracked.
Boy, were they nieve. It was cracked in it's first beta release.

Good Luck
-cl

There is only one way of nearly excellent protection that I know of :

Built a poor program.
Do not distribute it.
Do not tell anybody about it.
Commit suicide.
images/icons/smile.gif