Digital Convergence Changes EULA, and Gets Cracked

mfdii writes "Apparently Digital Convergence has changed their EULA. This EULA has been modified to include the CueCat reader in an attempt to shutdown those tinkering with their cats. The old EULA can be seen here." Meanwhile a dozen or so really excellent programs utilize the childishly simple protocol (or, if you're DC, their "Intellectual Property")... and as if that isn't enough, apparently their service was cracked. Anyone who used DCs CueCat software has had their information stolen from the DC servers! This comes from an e-mail being sent in by zillions of people warning them (and also apologizing by giving a $10 gift certificate).

Accountability!!

When will companies start being held legally accountable for these types of inexcusable security oversights?

Where the hell do they get off throwing lawyers at innocent people for violating their "property" and then making no effort what so ever to protect my property (specifically, my personal information)?

How about if I make DC sign an EULA that says "if you lose positive control of this information (last name, first name, address) then you owe me $10K for every piece of junk mail I get as a result"

Not "hacked!"

Their registration "database" was actually a plain text file published on their webserver! No hacking involved. Just type a URL into netscape, and viola, there's the "database." Digital Convergence isn't staffed by geniuses.

---- ----

Re:How can you license a gift?

You're absolutely correct. Any unsolicited merchandise you recieve is yours to keep without charge to do with what you will.

Here [usps.com] is the Postal Service guide to preventing mail fraud in PDF format (it doesn't say much about this other than anything sent to you unsolicited is yours to keep).

What about the :Convergence :Cable???

In the cue cat box I swiped from my neighbor's mailbox (thank-you :Forbes :Magazine), there also was a neat 8-foot long connector thing called a :Convergence :Cable (tm). It has a 1/8th inch stereo plug on one end and a :male and a :female RCA jack on the other. It looks like the thing I need to hook up my TV audio to my computer.

This cable is supposed to capture special bookmarks embedded within TV ads and forward you to the web site of their choice. It saves a lot of hassle, because you no longer have to type in "http://www.forbes.com" just to order an official :Forbes :Magazine :Golf :Shirt. Surely, this is also part of their :Intellectual :Property and took up some of their five years of engineering and development.

Why aren't they coming after people who are reverse engineering the :Convergence :Cable, those who circumvent their EULA by using it to make .ogg files out of their ":South :Park" video tape collection? Maybe somebody should put up a "How to :Reverse :Engineer the :Convergence :Cable" :web :site.

Could someone please tell me what the difference is between the :Cue :Cat and the :Convergence :Cable?

Re:take the high road.

Hey don't underestimate the power of a "you suck" note.

A lot of companies do suck -- DC is certainly one of them -- and they often need to be reminded that they do, in fact, suck.

Everyone tries to be nice-nice. "Dear Sir, It has come to my attention that your bar code device... blah blah blah"

Just tell them they suck and be done with it.

People underestimate the power of simple, honest language. Everybody tries to throw in 10-cent words when a few, choice 5-cent words will do just fine.

Besides, I'm tired of all these companies talking at my head. "You can do this, you can do that, you can't do this, blah blah blah."

It's high time consumers -- or whomever -- just dispense with the niceities and get down to brass tacks: more and more corporations suck, period.

Corporations want to fuck us over, take our money, and move on to the next sucker, er, consumer at our expense.

That *does* suck. And the corporations that do this *do* suck. And no amount of "pretty" language (or professional) will hide this. I'm tired of being a "nice" consumer when these not-so-nice corporations want to order me around, and spit me out for dead when they feel like it.

I'm sick and tired of it.

DC sucks. And their stupid bar code reader sucks.

Licence a piece of hardware?

Imagine if this worked in all hardware:

EULA for ACME Toothbrush. By opening the packaging for this toothbrush, you acknowledge that this device will only be used orally. This device may only be used to brush teeth, dentures, or anything as approved by the ADA.

Improper uses unclude:

Pets

Shoes

Computer parts

Silverware or any other dishes

Any other device where the object where the cleaning agent is not toothpaste.

Our lawyers will attack if this agreement is breached.

/dev/scanners/cuecat

If you'd sooner have your cat on /dev/scanners/cuecat than hanging off the back of a Windows box then you can patch your kernal today... CueCat Driver 0.1.8 [lineo.com] was released on Freshmeat mere hours ago.

Huh?

Is there any requirement that a company prove that a person has actually seen their EULA? If you never install their software or read their docs I'm not sure how they could make the case that a person was even aware of the EULA. The CueCats I have all came in bags, maybe they are printing it on the bags with the phrase 'by opening this bag you agree to....'.
The majority of the people who use the cracks do so because Cue's software either doesn't work on their OS or because they don't want Cue to snoop on them. In either case the EULA would never be seen by the user, I can't imagine that it would be enforceable.

Tatle-tale

From the New EULA [digitalconvergence.com]: In any event, you will notify Digital:Convergence of any information derived from reverse engineering or such other activities...

Riiightt... so, now not only can't I reverse engineer the software under thier "agreement", I have to dob in anyone I find out that is reverse engineering it?

hmmm, better stop reading slashdot, I guess MS, RIAA and the MPAA were right. You are all the spawn of Satan. Lucky the big companies are here to protect me and my children (please, won't you think of the children?).

$10 Gift Certificate - Invasion of Privacy

Since in the email they sent they ask you to fill out a form to get the $10 Certificate snail mailed to you -- it is just a way for them to tie your address in Meatspace to your 'userid' or whatever it's called in their software. I for one won't be getting the $10 certificate. Infact I just disabled the email account I had setup to get a code to test the software with.

I'm not going to sell my address to those spammers for a lousy $10.

How can you license a gift?

I received a CueCat in the mail. I have accepted no license, and I don't plan to. I'm not going to install their software by any means. They have given me no ability to refuse the terms of their license. It was sent to me without any action on my part, other than being a subscriber to a magazine- that sounds like a gift to me.

They have the broad statement of (2) using the :CueCat reader leading to my acceptance of the license. But what do they mean by using it? Using it as a doorstop? Paperweight?

I really hope this issue comes around and hurts them in the end. They must have spent a *huge* amount of money to get this out. They probably have 100's of thousands sitting in a warehouse somewhere, ready to be shipped. I hope they never get to ship them.

Hmm... a thought. Can I refuse their terms with an email that states that if their email server accepts the message, they accept my terms? That sounds a lot like the arbitrary acceptance conditions that they put forth.

Postal Regulations vs. EULA

I received a CueCat in the mail. Apparently because I am a subscriber to Wired. I did not ask for the CueCat, did not order it, did not pay for it (yes I know its free anyway). Under US Postal Regulations, this item is now mine. It is not the property of D.C., they have not loaned, lent, nor licensed it to me. They can not ask for it back, they can not tell me what to do with it. It is mine, period. If they would like to claim differently, they can take the issue up with the Post Office, not me.

Re:Abusing the good will of companies

It strikes me that whenever a company comes out with something where they intend to make their profits from after-sale mechanisms, the first thing that people want to do is to try and avoid this.

Well, knock me down with a feather!

If companies are basing their business model on after-sale mechanisms, and they intend to rely on technical means to compel people to pay them money, it's obvious that somebody is going to try and get around it.

Instead of trying to use *technical* means to do this, have they considered a) contracts, and b) making the extra-cost services sufficiently compelling to justify their customers spending money? If you're going to use a lock-in strategy, why not be up-front about it like the mobile phone companies, and be prepared to offer a contract-free version at the full retail price.

Companies Don't Have Inherrent Right To Profits

Repeat after me, no one is ripping off these companies. If some braindead MBA believes that selling stuff below cost in order to gain mindshare is a business plan, I am not obligated to satisfy his plans for me as a consumer by paying for a marked up service or accessory to something I got for free or below cost.

It strikes me that whenever a company comes out with something where they intend to make their profits from after-sale mechanisms, the first thing that people want to do is to try and avoid this.

I seem to remember one of the first things I was taught in Economics class being that consumers should be assumed as rational beings that will try their best to maximize their utility (i.e. consumer happiness) by paying as little as possible for a service. In my opinion a company that fails to factor in the lessons of ECON 101 while designing a business plan deserves to fail.

People like you who complain because consumers are not going along with a corporation's plan to sell them a marked up service or product shock me. I cannot for the life of me figure out why I should spend more than an item costs after other payments are factored in for the illusion of being given something for free. Anyone remember all those free PC companies that made you sign 3 year ISP contracts? Guess that means the PCs weren't so free, huh.

Re:Abusing the good will of companies

If companies want to make money this way, they need to get people to sign a contract up front. Plain and simple. If you build a business on being able to trick people into paying you for nothing, then you deserve nothing when they wake up.

As for the EULA, it's as worthless as the original. Here is the babelfish translation:

"Now that we've concluded our contract, here are some extra terms that we'd like to add."

All EULA's say exactly the same thing. If a vendor wants to enforce a EULA, it must be presented before the sale so that I can read it, and the vendor must refuse the sale to transpire without me signing the agreement; otherwise, it's all bullsh**.

Hmm - ideas, ideas...

Hmm, this gives me an evil idea!

If I were [theoretically of course!] to crack into a database and obtain e-mail address data, it wouldn't take much effort to then mail out everyone whose addresses I had obtained saying "We're sorry - our database got cracked. Send us your credit card details and we'll give you a $10 refund straight to your card for the inconvience!". =)

Put in a genuine looking "From:" address, and a temporarily set-up "Reply-to:" address, and wait for those CCs to come rolling in =) I'm sure there are enough people out their who would happily fall for such a scam!

Changing EULA after-the-fact?

IANAL, but can they change the EULA so radically after thousands (millions?) of CueCats have been distributed? I got mine from rat shack a number of weeks ago, and immediately destroyed the CRQ CD. Now they're trying to bind me with a contract I didn't agree to? I'm going to disassemble my CueCat right now...

Re:Abusing the good will of companies

To me, all of this seems like trying to rip off companies that are providing something which people obviously want. And if people succeed, then these companies are going to suffer, which means no more deals for people. Is this what we want?

yes. this is what we (or at least, I) want. I want after-sale business models to FAIL so that companies can get back to the good old way of selling stuff without tying the user to some badly thought-out service of theirs. namely, by selling appliances at a profit. just like VCRs, stereos, cars, and everything out there that gets sold. selling hardware at a loss and recouping on side channels is BAD FOR THE CONSUMER.

New EULA

...you will notify Digital:Convergence of any information derived from reverse engineering or such other activities...

Well, so far I've determined that the people at Digital Convergence are pricks. Does that count?
Guess I better go notify them.

Spot the difference. Is it legal?

The key change in the license agreement would seem to me, to be that this:

• Except as expressly permitted in this License, you may not decompile, reverse engineer, disassemble, modify, rent, lease, loan, sublicense, distribute or create derivative works based upon the :C.R.Q. Software in whole or part or transmit the :C.R.Q. Software over a network or from one computer to another.

Has been changed to this:

• Except as expressly permitted in this License, you may not decompile, reverse engineer, disassemble, modify, rent, lease, loan, sublicense, distribute or create derivative works based upon the :CRQ software or :CueCat reader in whole or part or transmit the :CRQ software over a network or from one computer to another.

They clearly thought that anybody wanting to reverse engineer their scanners would have to disassemble their software, so they thought that they could prevent this with the software licence agreement. They clearly didn't realize that by using such a braindead-simple protocol, people could reverse engineer the protocol just from the hardware, so they have extended the EULA to cover reverse engineering from the CueCat itself.

But how can this be legal? What you buy a piece of software, you are buying a license to use that software. When you buy ( /are given ) a piece of hardware you own it. You can do what you like with it. You have the right to sell it to someone else, and DC have no contract with that person.

This cannot be enforcable.

You greedy nerds!

You're right! Individuals are exercising more and more power over companies. It's getting out of control and is completely contrary to the American way of life. People are unfairly exercising their rights to think and use technology to abuse poor companies that have no recourse when faced with the power of a motivated hacker and such unscrupulous tools as Linux.

One of the problems with capitalism and technology is that individuals often become so powerful that their influence over honest hard-working companies becomes so great that they can start to take advantage of them. This is where the federal government can step in to protect the rights of these poor companies that are just trying to mind their own business and make a buck.

People might complain that these companies need to exercise a little more judgement when they come up with their business plans, but let's face, even the most careful companies can fall victim to ruthless individuals utilizing their technology to take unfair advantage of them.

It's time people stood up for the rights of victimized corporations! Write your Congresspeople so they can pass laws to protect those poor companies who cannot protect themselves.

If we don't stand up for the big companies, who will?

Re:Licence a piece of hardware?

What cracked me up was the statement in the EULA:

The :CueCat reader is only on loan to you from Digital:Convergence and may be recalled at any time. Without limiting the foregoing, your possession or control of the :CueCat reader does not transfer any right, title or interest to you in the :CueCat reader.

Excuse me?

How can you "loan" me something if you a) don't know who I am, b) don't bother to record who I am, c) don't ask for any collateral or specify any terms/conditions/length for the loan, and d) retroactively declare it was a loan?

This sort of seems to me to be equivalent of handing out money on the street one day, and then getting on television the next saying, "Oh, by the way, all those people I gave money to on the street yesterday have to pay me back when I ask for it."

How absurd.


--

Re:Spot the difference. Is it legal?

Yes. But putting aside the issue of who owns the CueCat, their license doesn't even makes sense. The entire purpose of a barcode reader is to scan barcodes and spit out characters into the input stream. Exactly like the entire purpose of keyboard is to detect keypressed and spit out the characters to the underlying software.

Pursuing the analogy further, does having a MS keyboard mean that the code I type belongs to MS now? It is my effort, my code, my computer. Even if MS wraps a license around the keyboard, they can not be allowed to extend that license to my ownership of other things. In exactly the same manner, if I use the cuecat to catalog the books I own, the books are mine. the database software is mine (or some other company's) The barcodes are on the book - they are public. The ISBN is not a proprietry system. Which part of the whole thing does cuecat own? Nothing.

That the encryption is weak or it is encrypted makes no difference. I could use it to generate pseudorandom numbers. Does it mean that CueCat owns the random numbers now?

Re:Abusing the good will of companies

• it just discourages other companies from being so generous

DC is being every bit as generous as your local dealer who gives crack to kiddies to get them hooked. DC is not being generous. It is driven by the motive of making money.

• Do we really want a situation where every new technology comes out hand in hand with restrictive legislation to give the companies a chance to make a profit?

I have two imaginative thoughts.

1. Sell things for what they are worth. Crazy, I know, but what if DC tried selling the scanner for what it cost them to make it? Wow!
2. Just write off the loss. Okay, hands up anyone who has ever taken a free T-shirt at a trade show, for a product that they will never, ever, buy. Should there be an EULA on the T-shirt against that? If DC were really feeling generous, they could just write off the loss of a handful of scanners to /. geeks who want to hack around with them, and concentrate on pushing more scanners at lusers who are more likely to use their software.

DC are currently expending a lot of energy on fighting us, not on making money. This is very dumb.

• despite the fact that they sell their hardware as a loss leader and rely on the subscription charges to make any money.

Ah! DC is stupid. Tell me again, why is that my problem?

Digitalconvergence.com Patent

If anyone is interested, you can find the one and only Digitalconvergence.com patent here. [ibm.com] The patent number is 6098106 and it was issued August 1, 2000. It covers using sound to link to a web site. IANAL, but it doesn't look like it covers bar codes.

As for bar codes, they really don't encode much information. The first part of the number is the company producing the product, and the last part is a unique identifier for the specific product (a green widget would have a different identifier than a red one). So really it's just a pointer or index that links into a database elsewhere. Forget any hopes of scanning your CD's and getting a song list from the barcode, unless you link it to a database that contains what you're looking for.