EEVblog® Electronics Community Forum
Electronics => PCB/EDA/CAD => Altium Designer => Topic started by: envisionelec on October 20, 2022, 02:14:16 am
-
Around 2018 I decided it was time for a change of careers and became a full time PCB designer. I went searching for a legitimate used copy of the software. Now, at the time I had never read the EULA and didn't know there were NO SUCH THINGS as a used license. But I digress... I found a seller on a forum who claimed to be selling the assets of a large contract manufacturer located in or near Poland. After some back and forth, I paid the seller 0.2BTC which was around $1300USD at the time for the license. To verify, the seller showed me that my company name was indeed in the License which made me believe it was completely legitimate... others were vouching for the seller saying they'd purchased equipment, and all was as expected. Good.
Everything worked perfectly. I conversed with Altium reps about it, all updates always worked. I had built a small business on it. All good. In April 2022, I got a message from a client that stated they needed to get on a call IMMEDIATELY. It turns out that they had been served with a notice from Altium's legal representation that showed my company name and computer information had been "phoning home" for the time I'd plugged my workstation into their network. Further, they had logged 3 YEARS of data from my computer network, down to the LatLong of the WiFi of my home network. I was livid, furious that I had been conned and was about to lose a trusted client.
After losing my shit in anger, I managed to figure out that the seller had given me a bogus license with an activation that, when Googled, could be found in a list of "Cracked" Licenses. What I STILL DON'T understand is how the f*** my Company information was displayed in the License and on the Licensing page if it wasn't placed there by Altium. The .ALF file is pure gibberish when I view it in Notepad++. Were they working for Altium?
I was never able to track down the seller because it was all done via secure email which seemed normal for an international transaction - I reasoned the seller didn't want his information to be public. That was my undoing because I couldn't prove the transaction happened other than to show the bitcoin transaction left the wallet at the time. I am a pretty tech savvy guy but computer security and system information isn't one of my strong suits. I distinctly remember being very wary of the whole deal, and in retrospect there were red flags.
I can talk about this now, because I settled for a non-unsubstantial amount of money. I had to buy 3 consecutive years of on-demand licensing (they refused to give me the standalone) and pay a penalty. It adds up to $18k and I think I escaped relatively unharmed. Although that is a major financial hit, it could have been much worse.
-
Ouch, that sucks.
Also quite awful Altium followed you for three years, they could have sued you a lot earlier.
However, used software licences exist (at least in .EU), and are valid.
And they are sold by normal companies, with normal websites who use common mail and telephone. And they accept normal credit card or back transfer payments.
If you have to jump through hoops to communicate with them, and have to pay in BTC, its probably a scam.
-
Ouch, that sucks.
Also quite awful Altium followed you for three years, they could have sued you a lot earlier.
It sounds like a lawsuit never actually happened here. i.e. it never went to court and Altium won a decision and were awarded damages.
Sounds like a classic case of a big company just legally threatening an individual and they buckled. That's what big companies do, they send out a threatening letter from lawyers hoping that the invidual or smaller company will just buckle and pay under the either explicity or implied threat of a lawsuit.
-
Open source, baby.
-
Ouch that is not fun.
I am guessing the person who sold you the license had a keygen. They sometimes put the effort in to reverse engineer the license encryption so that they can spit out unique keys using the keygen, making it harder for the software vendor to block.
A lot of other big companies do the same thing. For example Dassault Systems (the makers of SolidWorks and CATIA) will also send you greetings in the mail if you plug a machine with a cracked copy of these software into a corporate network.
-
What I STILL DON'T understand is how the f*** my Company information was displayed in the License and on the Licensing page if it wasn't placed there by Altium. The .ALF file is pure gibberish when I view it in Notepad++.
Likely because they do not properly sign the file. Cryptography is something companies have a long and proud history of completely, totally, and utterly failing to grasp.
-
It sounds like a lawsuit never actually happened here. i.e. it never went to court and Altium won a decision and were awarded damages.
Sounds like a classic case of a big company just legally threatening an individual and they buckled. That's what big companies do, they send out a threatening letter from lawyers hoping that the invidual or smaller company will just buckle and pay under the either explicity or implied threat of a lawsuit.
Thanks for weighing in, Dave. You’re mostly correct. McInnis and McLane served my client, a large corporation with an international presence with large monetary threats. My network information (MAC address, license name, lat/lon, IP addresses) were in a multi page list as Exhibit A.
I immediately called a high power copyright attorney (another USD5K) to learn my rights and made an offer to settle. That was in April. Altium dragged their feet for six months which caused me to lose the client and the remainder of the contract I had with them which would have handily paid for that settlement amount. Because of Altium’s sheer laziness to communicate with their counsel, I nearly went out of business. And this is a SIDE JOB. I work a full time career for a massive company as a PCB designer, using Altium everyday. I used Altium for what amounts to serious hobby-level work and absolutely got shafted.
In the end, I demanded that Altium release my “clients and customers” of any wrongdoing - because that was the right thing to do. I got (almost) everything I asked for, then went above and beyond and upgraded their option to get the PRO license rather than standard. I absolutely didn’t take it lying down nor did I buckle without having clear and capable legal representation. Thank you for allowing me to post this story on your forum as a warning to others that may have a cracked copy of Altium on their machines in the USA and are connected to Altium.
-
I wonder how legitimate it is to track a user and get to have the contact information of one of his customers. Of course to enforce one's rights a person has to sue, but I don't think it's allowed "by default" to "spy" on users just because you own the software.
I'm sorry for what happened. And I'm sorry to say it but for me, for this kind of purchases, asking to be paid in bitcoin must raise suspicion.
-
This also makes me wonder what the privacy "lawyers" have to say about this. Sounds even worse then the whole cookie ordeal of web pages. Basically tracing your system every where you take it, and startup "their" software.
There is this thread about "free" software doing it too. https://www.eevblog.com/forum/chat/seems-all-the-ides-supplied-by-chip-makers-phone-home/msg4455088/#msg4455088 (https://www.eevblog.com/forum/chat/seems-all-the-ides-supplied-by-chip-makers-phone-home/msg4455088/#msg4455088)
-
Indeed. For a company that has deep pockets they could have potentially sued back with the privacy violation and reduce or dismiss the original claim entirely. Obviously that would depend on the T&C of the software and if it was enforceable or not.
To the OP: I am sorry this has happened and I am glad you came out with a "speeding ticket".
-
Ouch, that sucks.
Also quite awful Altium followed you for three years, they could have sued you a lot earlier.
However, used software licences exist (at least in .EU), and are valid.
And they are sold by normal companies, with normal websites who use common mail and telephone. And they accept normal credit card or back transfer payments.
If you have to jump through hoops to communicate with them, and have to pay in BTC, its probably a scam.
Agreed. Needing to pay in Bitcoin and using secretive email addresses is a massive red flag. No real company would take payment in Bitcoin, use 'secure email', etc. Real companies trade openly using bank accounts in their name.
Another red flag is that -in my experience- you'll need Altium (either through their servers or through a dealer) to move a license from one computer to the other. AFAIK you can't buy a used Altium license which works on your system 'out of the box'.
Still is sucks massively for the OP that this happened. Best wishes and hope the big customer can be persuaded to become a client again.
-
Agreed. Needing to pay in Bitcoin and using secretive email addresses is a massive red flag. No real company would take payment in Bitcoin, use 'secure email', etc. Real companies trade openly using bank accounts in their name.
Another red flag is that -in my experience- you'll need Altium (either through their servers or through a dealer) to move a license from one computer to the other. AFAIK you can't buy a used Altium license which works on your system 'out of the box'.
Still is sucks massively for the OP that this happened. Best wishes and hope the big customer can be persuaded to become a client again.
Agreed. I was in a tight situation where I’d just gotten dropped from a contract with a firm in another state. I had moved there in hopes of being moved to full employment but was dropped unexpectedly. I was more than a little desperate to have the software. The tiny “scam alert” voice wasn’t working well that day and I readily admit that I made a big mistake. The confidence came when the seller sent me screen shots of my company information on the AD license page.
-
Funny thing is they used network of a corporation they have no relationship with to track down OP...
Also it is debatable, if OP didn't really buy software from them, then any contractual relationships are null and void, including Alitum's right to gather any data from OP, regardless of what it says in a blurb on a screen.
It is a piracy to use illegally purchased software, but Altium cannot spy on people without consent.That is practically industrial espionage and is highly illegal in any country. And in EU it is GDPR violation too..
-
Regarding data collection, I'm not sure that Altium has done anything illegal here. You installed their software, and allowed it to phone home with details of your PC, either by explicity allowing the connection to Altium servers or failing to manage your firewall. Same MO with Microsoft and thousands of other software providers. From the Altium EULA which all users have agreed to:
3.12. You acknowledge and agree that data provided to Altium, including but not limited to data stored in Altium 365
Service, may be retained in Altium’s records and archived indefinitely in our network backups.
-
Re the mystery seller: The blockchain could be your friend. Do you have the wallet address that you paid the BTC into? How active has it the address been?
-
It sounds like a lawsuit never actually happened here. i.e. it never went to court and Altium won a decision and were awarded damages.
Sounds like a classic case of a big company just legally threatening an individual and they buckled. That's what big companies do, they send out a threatening letter from lawyers hoping that the invidual or smaller company will just buckle and pay under the either explicity or implied threat of a lawsuit.
Thanks for weighing in, Dave. You’re mostly correct. McInnis and McLane served my client, a large corporation with an international presence with large monetary threats. My network information (MAC address, license name, lat/lon, IP addresses) were in a multi page list as Exhibit A.
I immediately called a high power copyright attorney (another USD5K) to learn my rights and made an offer to settle. That was in April. Altium dragged their feet for six months which caused me to lose the client and the remainder of the contract I had with them which would have handily paid for that settlement amount. Because of Altium’s sheer laziness to communicate with their counsel, I nearly went out of business. And this is a SIDE JOB. I work a full time career for a massive company as a PCB designer, using Altium everyday. I used Altium for what amounts to serious hobby-level work and absolutely got shafted.
In the end, I demanded that Altium release my “clients and customers” of any wrongdoing - because that was the right thing to do. I got (almost) everything I asked for, then went above and beyond and upgraded their option to get the PRO license rather than standard. I absolutely didn’t take it lying down nor did I buckle without having clear and capable legal representation. Thank you for allowing me to post this story on your forum as a warning to others that may have a cracked copy of Altium on their machines in the USA and are connected to Altium.
Thanks for sharing.
Yikes, that's more involved than I imagined.
Very poor form on Altium's part, they should have just said "you are using a bogus license, we understand you might have have gotten duped, please buy a license at a discount otherwise we'll have to take it further.". Probably cost Altium more in legal fees than they got from you. As always the winners are the lawyers.
-
Funny thing is they used network of a corporation they have no relationship with to track down OP...
Also it is debatable, if OP didn't really buy software from them, then any contractual relationships are null and void, including Alitum's right to gather any data from OP, regardless of what it says in a blurb on a screen.
It is a piracy to use illegally purchased software, but Altium cannot spy on people without consent.That is practically industrial espionage and is highly illegal in any country. And in EU it is GDPR violation too..
Yes. if you wanted to take such a case all the way there is a better than average chance that you'd "win". I use "win" in quote marks because you don't actually, it would suck away all your life and money in the process.
-
Regarding data collection, I'm not sure that Altium has done anything illegal here. You installed their software, and allowed it to phone home with details of your PC, either by explicity allowing the connection to Altium servers or failing to manage your firewall. Same MO with Microsoft and thousands of other software providers. From the Altium EULA which all users have agreed to:
3.12. You acknowledge and agree that data provided to Altium, including but not limited to data stored in Altium 365
Service, may be retained in Altium’s records and archived indefinitely in our network backups.
It does not work that way. Implicit contracts are not a thing. Just ask Microsoft and their EU fiasco..
You have to show some contractual relationship, proof of sales, proof of payment or some other document showing user did enter into willing contract with other party and by doing that it had to agree to Terms of agreement.. Even then, a signed Terms of agreement is needed if you want to be sure it's a slam dunk.
Fact is that even if you are a real thief, none of your acts are a waiver of your basic human rights. And a private organization has no authority or jurisdiction or even company license to perform intelligence operations or investigations of any sorts. Not to mention that NSA might be interested Australian company is performing industrial espionage of US corporations..
Not sufficiently blocking them from firewall (which you couldn't because you didn't know they were "threat actor") is "why did you allow to be raped" type of comment. You didn't allow it and other side exploited your vulnerabilities.. You being easy target doesn't make it right.
But as Dave said, I'm sure what Altium did was illegal, but none of us have 10 million USD for legal team to pursue that.
Not that I would purchase 1300 USD janky license for bitcoins from some nonentity anyways..
-
Regarding data collection, I'm not sure that Altium has done anything illegal here.
calling home with some details it's ok.
mapping his customers and contacting them, DEFINITELY NOT!
-
Regarding data collection, I'm not sure that Altium has done anything illegal here.
calling home with some details it's ok.
mapping his customers and contacting them, DEFINITELY NOT!
What irks me is they didn’t contact anyone UNTIL I plugged into a “high value asset” network. Choice words have been used. They obviously thought they were getting a payday.
-
they didn’t contact anyone UNTIL I plugged into a “high value asset” network
Yes, it is a deliberate strategy. And it means that they are not only aware of basic information, but also a certain amount of details, and they cross-reference this information with each other to arrive at conclusions and figure out when the prey should be hit.
A company has the right to protect itself, not working for free and allowing "piracy", of course.
But what I'm reading I'm pretty sure is something that is not allowed under current Privacy regulations, at least in civilized countries.
-
What irks me is they didn’t contact anyone UNTIL I plugged into a “high value asset” network. Choice words have been used. They obviously thought they were getting a payday.
I had the same a few years ago with a different software package (Not Altium).
Similar circumstances.
No action taken for many years.
Suddenly, when I visited a high profile customer, the legal action started.
As if they knew, that this customer had deep pockets.
This really sucks!
-
Good luck trying to enforce this measure in Mainland China... All companies I've done some jobs for the only original software would be Windows if the PC was sold with it Pre installed, like a workstation or a laptop.
If it was build, not even the OS would be official...
To be sincere I would love to see Altium try, as Dassault Systèmes, Microsoft and Adobe...
Sucks to be the OP really, I just hope he gets enough work from now on to offset the costs he had.
-
The data collection is enough to convince me to not use Altium. I'll continue to get by with KiCAD, it's good and getting better all the time. No license to worry about at all.
-
Yeah, another reason for my belief that the only real use of crypto-coin is for illegal operations.
That and maybe stock market like gambling.
boB
-
Funny thing is they used network of a corporation they have no relationship with to track down OP...
Also it is debatable, if OP didn't really buy software from them, then any contractual relationships are null and void, including Alitum's right to gather any data from OP, regardless of what it says in a blurb on a screen.
It is a piracy to use illegally purchased software, but Altium cannot spy on people without consent.That is practically industrial espionage and is highly illegal in any country. And in EU it is GDPR violation too..
Yes. if you wanted to take such a case all the way there is a better than average chance that you'd "win". I use "win" in quote marks because you don't actually, it would suck away all your life and money in the process.
Though in the same way that Altium threatened the OP with action on questionable legal grounds, a reply along the lines of "I won't persue your illegal privacy violation if you drop your case against me " might have been worth a try.
-
Regarding data collection, I'm not sure that Altium has done anything illegal here.
calling home with some details it's ok.
mapping his customers and contacting them, DEFINITELY NOT!
Nobody "mapped" any customers.
They couldn't know the company is his customer. The software phoned home (also) from that network, so they sent the legal nastygram to the owner of that network. It is that simple. Altium had no means to know that it was a contractor using a bogus license on the network of his client until they sent that letter - vs an employee using a cracked copy of Altium on their work PC. Yes, that does happen too. People really are that stupid ...
Let's not make this into some sort of crazy corporate conspiracy.
This "phoning home" functionality is pretty much a standard way of license enforcement on industrial software.
BTW, people who were waving privacy laws here are wrong - those don't apply to B2B relationships, there all that matters is what is in the contract. If you sign (or "agree") to a contract or EULA saying that you owe your firstborn to Microsoft, well, then you may well end up having to deliver at some point. If people finally started to read what fine print is in the T&Cs and EULAs they are clicking through (and thus "agreeing" to - sorry, the courts said this was legal as long as you can see them beforehand and can decline, so tough luck ...), then they maybe wouldn't be surprised as much.
E.g. did you know that pretty much 90% of software EULAs reserve the right for the right holder to come unannounced to your company and audit you, at your expense, for license compliance? Check the licenses for any Microsoft or Autodesk products, for example. Various "analytics" and data collection is mentioned there as well. And you have agreed to all of that ...
-
Regarding data collection, I'm not sure that Altium has done anything illegal here.
calling home with some details it's ok.
mapping his customers and contacting them, DEFINITELY NOT!
What irks me is they didn’t contact anyone UNTIL I plugged into a “high value asset” network. Choice words have been used. They obviously thought they were getting a payday.
I think it might be more of the legality. If you use pirated software it's debatable if you've stolen anything - they could argue that you've deprived them of the profit from a sale, but you can counter by saying you wouldn't've bought it anyway.
OTOH, when you use the product to provide a service for which you're paid, that's a different kettle of fish and they can seriously argue that not only have you deprived them of a sale but you've profited from it too. Thus they do nothing until they know you're using it professionally, and then it's a slam dunk.
-
Some similar cases:
https://www.justice.gov/usao-ks/pr/two-kansas-companies-sentenced-using-illegal-software (https://www.justice.gov/usao-ks/pr/two-kansas-companies-sentenced-using-illegal-software)
https://torrentfreak.com/software-company-still-fighting-u-s-navy-over-millions-in-piracy-damages-220811/ (https://torrentfreak.com/software-company-still-fighting-u-s-navy-over-millions-in-piracy-damages-220811/)
In the US at least, it seems reasonable to sue for cost of license and win in court.
Siemens is doing the same, maybe Altium learned from them: https://www.torrentlawyer.com/2016/09/09/software-developers-are-now-tracking-piracy-through-the-use-of-the-software/ (https://www.torrentlawyer.com/2016/09/09/software-developers-are-now-tracking-piracy-through-the-use-of-the-software/)
In Wave 2 (2016), Siemens filed a similar lawsuit, this time against 100 new defendants. They surprised a number of defendants with settlement numbers of $50,000+ (eventually, we learned that they were settling licenses to their software, and they actually cost that much). This second wave lawsuit \"on the books\" looked to be a failure because they missed a FRCP Rule 4(m) deadline to name and serve defendants. As a result, they dismissed the entire lawsuit, however, I know that they continued after the dismissal to contact accused defendants (or their attorneys) with the intention of having those accused defendants purchase a license to cover their use of the Siemens Industry Software Inc. NX software.
In Wave 3 - 5 (2017-2018), they repeated what was a successful strategy in the previous lawsuits. They spent their time looking for individuals who used pirated versions of their software for profit. In these waves, Siemens Industry Software Inc. considered asking defendants for large settlements, however, to date this has not materialized and they continue to attempt to legitimize their accused defendants to become lifelong customers through the sale of licenses to their software.
In Wave 6-7 (2019), Siemens Industry Software Inc. changed their strategy, attempting to streamline the settlement process. They still analyzed each defendant to determine whether they were a) running their own engineering business (and billing clients using the pirated software), or whether they were b) employees or independent contractors working on a project where their employer did not properly license them. They also analyzed whether the engineer was c) what we call a \"tinkerer,\" although the way Siemens handled this category changed. In previous lawsuits, those that used the software for \"hobby\" purposes (e.g., 3D printing, designing private home uses, etc.) were considered \"tinkerers.\" Many of these engineers knew how to use the software from work (where they were properly licensed). Others used the software for training purposes only (for the purpose of one day getting a job where they would need to use that software). Because their use was formerly considered \"non-revenue producing,\" Siemens did not require them to obtain a software license.
IN WAVES 6 AND 7, *THIS CHANGED*. In the most recent set of cases, Siemens Industry Software Inc. still asked defendants to buy software from them to legitimize their use. It did not necessarily need to be the same $30,000 NX software they used prior to being sued, but lesser versions with fewer features, or altogether other software packages were presented as options.
Obviously how Altium handled this was not ideal, they could have blocked the license in an upgrade, etc. But, this could be the reality going forward.
For any pirated software, always block all ingoing + outgoing connections in windows firewall.
-
Makes me wonder if Altium have people going after those who still have access to free AD through university, etc., and using it for commercial work.
-
The thing is the OP did not know he was using a pirated license.
He tried to do he proper thing and get a license but with how expensive Altium is these days it is understandable that he didn't want to pay full price for it. If he uses Altium at work then i can also understand not wanting to use a cheaper tool for this. Sure the bitcoin part becomes suspicious but when you find a good deal and are under time pressure to make it happen a lot of people would let the guard down (especially with a seller they heard good reputation of).
We can thank the OP for sharing the story to serve as a warning to anyone else who thought this might be a good idea to do.
Lesson here is that if you bring your own computer to any corporate network be careful about what you let into the internet or tunnel your way out of there before going into the internet.
-
Nobody "mapped" any customers.
They couldn't know the company is his customer.
so they sent the legal nastygram to the owner of that network. It is that simple.
no conspiracy here.
that might be a reasonable explanation but does not explain why these actions occur only after the "pirate" has become economically attractive and able to pay for years of licensing.
-
E.g. did you know that pretty much 90% of software EULAs reserve the right for the right holder to come unannounced to your company and audit you, at your expense, for license compliance? Check the licenses for any Microsoft or Autodesk products, for example. Various "analytics" and data collection is mentioned there as well. And you have agreed to all of that ...
the fact that I pressed "I agree" in a EULA that want to take actions not allowed by law, does not make that contract valid. you can't write in the conditions that (e.g. I exaggerate) by using that software you give up ownership of your internal organs to the developer. so even if they write anything, it still has to be allowed by the various laws and regulations.
-
The thing is the OP did not know he was using a pirated license.
He tried to do he proper thing and get a license but with how expensive Altium is these days it is understandable that he didn't want to pay full price for it. If he uses Altium at work then i can also understand not wanting to use a cheaper tool for this. Sure the bitcoin part becomes suspicious but when you find a good deal and are under time pressure to make it happen a lot of people would let the guard down (especially with a seller they heard good reputation of).
We can thank the OP for sharing the story to serve as a warning to anyone else who thought this might be a good idea to do.
Lesson here is that if you bring your own computer to any corporate network be careful about what you let into the internet or tunnel your way out of there before going into the internet.
Correct on all fronts. I had sent my clients screenshots of the license page showing them it was “valid” to instill confidence. They knew there were pirated copies out there and so did I, and having that working license along with my company name gave me full confidence. Having contacted Altium Sales for support gave me added confidence. If it was illegal then why didn’t they say so? I had a lengthy discussion with a former East Coast (USA) Altium Sales engineer, Andrew Krautner, who suspiciously left the company just as the situation was getting underway. We had discussed adding the SolidWorks MCAD connector around August 2020 and he gave me a trial of it. And it worked fine. I had full access to the Component manager and associated Active BOM. How could I not believe it was 100% legitimate?
The fact is I couldn’t. I got ripped off and proving it was impossible. I had emptied and closed my bitcoin wallet after the prices went to its peaks in late 2019 and I cashed out. I pled my case to my attorney and that was it. I’m not some high rolling EE. I was a technician for 15 years before my wife left me and I decided I needed to make more money so I became a PCB designer. I’d used other free packages for years but worked for a couple companies that used Altium. I organically came up, made some designs for myself and others. Sold some of them. It was fun.
Now it’s not fun, I’m pissed off. But what am I going to do about it other than find another client somehow with my best bridge and reference burnt to a crisp?
-
$18K? I'd close the company and create a new one :-DD
Here, under certain circumstances, they dodge a lot of debts that way by creating limited companies.
That way, legally they can only sue the company, not you. However burocracy is not my thing.
Knew several guys with debts near 5 digits. No problem, I create a new company but at my wife's name.
Then he worked there with employee title, but actually doing the important stuff, appearing as simple worker to Authorities to dodge all the legal stuff.
4-5 years after, the debt is expired, that day at 00:00h it became the manager again.
"Envision Electronics Ltd." ->"Envision Technologies Inc." -> Keep using pirated Altium, destroy Ethernet port so it can't ever connect to Internet.
That's what you get when you abuse using your priviledged position.
-
$18K? I'd close the company and create a new one :-DD
Here, under certain circumstances, they dodge a lot of debts that way by creating limited companies.
That way, legally they can only sue the company, not you. However burocracy is not my thing.
I very nearly did this just a few weeks ago. I’d much rather have a legal license given PCB design is a passion of mine and still like Altium even with its many flaws. I do use it daily for work and am extremely fluent in that I also teach and tutor others.
-
I very nearly did this just a few weeks ago. I’d much rather have a legal license given PCB design is a passion of mine and still like Altium even with its many flaws. I do use it daily for work and am extremely fluent in that I also teach and tutor others.
Nothing stopping you from opening a new company any paying for a legal license on that one.
Granted its already ~$12k if you got a perpetual license so the 6k savings may not be worth it.
-
Nothing stopping you from opening a new company any paying for a legal license on that one.
Granted its already ~$12k if you got a perpetual license so the 6k savings may not be worth it.
I was already into the agreement and my attorney thought they might try to go after me personally. I didn’t want to drag this out. The kicker? I couldn’t buy the perpetual license and was forced into a 3 year on-demand. So I have to buy a perpetual in 2025 if they even offer it by then.
-
I'm curious whether they can provide a written statement of proof of legitimate ownership. Or title if you will. Would a salesperson have the legal authority to issue such a statement? A manager? Their legal side?
Hm, is there even anything in the normal license and sale that prohibits them from suing you under otherwise normal conditions (i.e. without suspicion of duplicating / selling / etc. as prohibited by terms and permitted in the region)? It's been so long since I saw the terms I don't remember, hmm...
(Point being, they might simply decline to do so, even if you're doing everything fully legitimately, even if you offer to pay as some kind of additional level license, or contract; just because such statement or contract would limit them from potential future actions whether they need to or not.)
Tim
-
Nobody "mapped" any customers.
They couldn't know the company is his customer.
so they sent the legal nastygram to the owner of that network. It is that simple.
no conspiracy here.
that might be a reasonable explanation but does not explain why these actions occur only after the "pirate" has become economically attractive and able to pay for years of licensing.
Well but that has likely nothing to do with "mapping anyone's customers" but all to do with the fact that if they sue him/her for a single violation, the court would likely send them packing as the relief demanded would be disproportionate to the offense claimed. So they likely needed/wanted to accumulate more evidence that this was systematic and not a one time issue. But I don't know what their legal strategy is/was.
E.g. did you know that pretty much 90% of software EULAs reserve the right for the right holder to come unannounced to your company and audit you, at your expense, for license compliance? Check the licenses for any Microsoft or Autodesk products, for example. Various "analytics" and data collection is mentioned there as well. And you have agreed to all of that ...
the fact that I pressed "I agree" in a EULA that want to take actions not allowed by law, does not make that contract valid. you can't write in the conditions that (e.g. I exaggerate) by using that software you give up ownership of your internal organs to the developer. so even if they write anything, it still has to be allowed by the various laws and regulations.
Sure - but that about the firstborn was a hyperbole to drive the point home. The "phone home" functionality and license enforcement certainly don't fall under that category. People forget that many consumer protection and privacy laws in the EU apply only to physical persons/consumers and not businesses and contractual relationships between them. Once you are a contractor, you are a business and a different (and much looser) set of rules applies.
-
There's a lot of murky stuff that envisionelec has been through. I sympathize with him and wish him the best in his future.
My first thought was the "first sale" law in the US (https://www.justice.gov/archives/jm/criminal-resource-manual-1854-copyright-infringement-first-sale-doctrine (https://www.justice.gov/archives/jm/criminal-resource-manual-1854-copyright-infringement-first-sale-doctrine) ). That is, someone can resale a legitimate copy of a copyrighted work.
The second was a question of timing. Adverse possession generally applies to real property, and application of that law to IP is evolving. Google can give some references. The one from Harvard Law Review was too lengthy for me to read. But, it remains a question. Therefore, the smart lawyers at Altrium wanted to wait until it was financially worthwhile to sue, but not too long.
Now, as for a possible defamation lawsuit against Altrium, there is probably some basis for that in that envisionelec thought he had a legitimate license. The problem is cost, as in the American system, both sides pay their own costs.
In the end, I think envisionelec chose the most economical route. It's a bit disturbing that he cannot get a perpetual license now, but his attorney probably knew the defamation lawsuit would be a longshot.
-
I was already into the agreement and my attorney thought they might try to go after me personally. I didn’t want to drag this out. The kicker? I couldn’t buy the perpetual license and was forced into a 3 year on-demand. So I have to buy a perpetual in 2025 if they even offer it by then.
Yeah I guess thats a possibility if you are not 100% strict with the business: https://web.archive.org/web/20170520215758/https://www.sba.gov/blogs/three-ways-lose-personal-liability-protection-and-what-do-about-it (https://web.archive.org/web/20170520215758/https://www.sba.gov/blogs/three-ways-lose-personal-liability-protection-and-what-do-about-it)
My first thought was the "first sale" law in the US (https://www.justice.gov/archives/jm/criminal-resource-manual-1854-copyright-infringement-first-sale-doctrine (https://www.justice.gov/archives/jm/criminal-resource-manual-1854-copyright-infringement-first-sale-doctrine) ). That is, someone can resale a legitimate copy of a copyrighted work.
Its not a legitimate copy though, doesn't matter if you thought it was legit or not when you bought it. This is the value in purchasing from an established company through name, so if it turns out to not be legit, you might be able to go after them. Of course this is incredibly difficult, because the lawyers will likely come and threaten you if you list your license for sale (oddly there is one on ebay atm, could be a scam though ebay.ca/itm/294171309463).
The only out could be if Altium certified in writing "the license you have is legit", but, they only implied as such. I don't know if that is enough.
-
I'm curious whether they can provide a written statement of proof of legitimate ownership. Or title if you will. Would a salesperson have the legal authority to issue such a statement? A manager? Their legal side?
When you run altium it doesn't work unless your license is validated by the Alitum server, and it tell you in the software whether it's legit or not.
Doesn't this imply that Altium have approved the license for use?
This is not hacked software that bypasses the Altium server check or something, right?
-
When you run altium it doesn't work unless your license is validated by the Alitum server, and it tell you in the software whether it's legit or not.
Doesn't this imply that Altium have approved the license for use?
This is not hacked software that bypasses the Altium server check or something, right?
I was able to login and use the Component Manager. I had checked “YES” to send data to Altium. I used 365 to work with my client. We exchanged design change information. From my perspective I don’t know how that could have worked if it was hacked to bypass their servers. If I wasn’t connected to the internet, it couldn’t access any of those features.
I never spoke to anyone at Altium and I was on a blacklist to their sales and media team. I tried through their Reddit account, YouTube anywhere I could to get answers. They’d either ignore me or tell me to work through the attorneys. I feel railroaded but what else could I have done but step up, tell them everything I knew and hope for the best?
-
I'm curious whether they can provide a written statement of proof of legitimate ownership. Or title if you will. Would a salesperson have the legal authority to issue such a statement? A manager? Their legal side?
When you run altium it doesn't work unless your license is validated by the Alitum server, and it tell you in the software whether it's legit or not.
Doesn't this imply that Altium have approved the license for use?
This is not hacked software that bypasses the Altium server check or something, right?
Nah that's all automated process, no legal representative is involved.
For example, whether there are bypasses in that API, who knows. Maybe they know, maybe they don't. Maybe the file merely need be self-consistent to pass. Maybe it's a crypto key and they check it against their database (one would at least hope they have something like this?!). Maybe it's both and they intentionally make it permissive to track questionable usage easier..!
...Is there anything about this in the EULA, or site terms or anything? Usage terms on their servers might yield some clues, albeit vague. I would think it reduces to something like: use of services does not constitute legal entitlement to usage of paid software, rights reserved, etc.
I never spoke to anyone at Altium and I was on a blacklist to their sales and media team. I tried through their Reddit account, YouTube anywhere I could to get answers. They’d either ignore me or tell me to work through the attorneys. I feel railroaded but what else could I have done
This is SOP. Most salespeople are instructed to, once a legal threat has been made, direct the party to their lawyers exclusively. Anything an employee might say could be construed as evidence against the case; employees don't have authority to make legal statements; etc.
You might not need legal representation to talk to their lawyers, but the likelihood of saying something stupid goes up exponentially, so if you wish to continue doing any kind of business with the company at that point (or have to prosecute them, or defend yourself from them), best do it through a lawyer.
tell them everything I knew and hope for the best?
Also a good plan is to STFU. Not to add insult to injury, of course -- again, my condolences -- but FYI.
Relevant clip:
https://www.youtube.com/watch?v=V6tfEZI54Jg (https://www.youtube.com/watch?v=V6tfEZI54Jg)
Of course, they're talking about police, but police are but agents of the criminal legal system. Similar (different, but similar) principles apply for civil cases. Or indeed, if a piracy case happens to be brought under criminal rules, well, there you go. (Sounds like that's not the case here, but something to keep in mind for those, ehh...deeper into things shall we say.)
Provide only what information has been requested, that they have a legal right to ask for. Namely: that a court has ordered you to deliver, or, more to the point -- that your lawyer says you have to. You can (and should!) provide as much info as possible to your lawyer, and should give as little as possible to a potential adversary.
Likely here, they built enough of a case against you from usage logs, tracking whatever info the license file has, along with the phone-home (that you enabled(!!)), and simply waited until a big enough target presented itself (i.e. your client). And failing that, they fell back on you for any kind of payday they could extract.
Anything you admitted to, along the way, might not've even been relevant -- they might've already known where the file came from and that it was transferred in violation of terms, or absent from the database and immediately flagged, or something; or it might've further tightened their case against you.
If nothing else -- also a lesson that corporations are not here to return good will, or good-faith effort. Corporations are in it for the money, and money alone. Assert your privacy rights early and often; there is no such thing as "having nothing to hide". The legal system is strictly adversarial, and works on strength of evidence; lack of evidence, or defense against it, is indeed taken as guilt of a charge. ("Innocent until proven guilty" is criminal only..!)
If it helps the explanation -- like science, law is a system of reason; but it is a system parallel to, and different from, science. (Indeed, significantly predating modern science as we know it.)
For example, science is admissible in court, but strictly in the form of a witness testifying to such (or related material doing the same: affidavits, briefs, etc.). Two witnesses can give perfectly contradictory "scientific" evidence (on, according to science, "well proven" subjects), and this is perfectly consistent from a legal standpoint. Whereas in science, such a contradiction would be, at best, paradoxical, and more likely simply out-and-out false. But in law, such contradictions are simply unresolved allegations. Any points the parties do not contest, or consent to, or agree upon; and which the judge has not dismissed -- are left to be proven in a court, in front of a jury of peers -- if taken this far, it is left up to the common man to decide which points are legal fact and which are not. (Scary, huh?!)
Standard disclaimers, IANAL, not legal advice, etc. etc.
Tim
-
tell them everything I knew and hope for the best?
Also a good plan is to STFU. Not to add insult to injury, of course -- again, my condolences -- but FYI.
To clarify, I only communicated my legal position with my attorney. I contacted Altium through those means to find out why they stopped talking to their counsel for 5 months while everything I worked for disappeared.
-
As far as i understand, this case is special in that the OP fell victim to a scam right at the beginning. At least that's the claim.
Probably the large majority are cases where kids or students find those key generators online and try them to install a very expensive software ("trophy"). We don't know who puts those key generators onto the web. Could be the software companies themselves, trying to discover new clients online. So it makes sense they spy for some time to find out whether they discovered a professional client - probably an extremely rare case again. They will know looking at the projects executed.
Of course somebody aware of using a false license won't ask for support.
Regards, Dieter
-
We don't know who puts those key generators onto the web. Could be the software companies themselves, trying to discover new clients online.
Most of the times are programmers who are very good and like a good challenge or being the first to crack a new product.
https://youtu.be/4OnTv2989OQ
I don't know any company who would to that from start.
-
tell them everything I knew and hope for the best?
Also a good plan is to STFU. Not to add insult to injury, of course -- again, my condolences -- but FYI.
To clarify, I only communicated my legal position with my attorney. I contacted Altium through those means to find out why they stopped talking to their counsel for 5 months while everything I worked for disappeared.
Ah good, got it.
Also should add, your lawyer probably clarified much of this to you, so this is mainly for others' interest of course.
Tim
-
For example, science is admissible in court, but strictly in the form of a witness testifying to such (or related material doing the same: affidavits, briefs, etc.). Two witnesses can give perfectly contradictory "scientific" evidence (on, according to science, "well proven" subjects), and this is perfectly consistent from a legal standpoint. Whereas in science, such a contradiction would be, at best, paradoxical, and more likely simply out-and-out false. But in law, such contradictions are simply unresolved allegations. Any points the parties do not contest, or consent to, or agree upon; and which the judge has not dismissed -- are left to be proven in a court, in front of a jury of peers -- if taken this far, it is left up to the common man to decide which points are legal fact and which are not. (Scary, huh?!)
Tim
AFAIK your are completely correct on this. And totally scary. This is the feedstock of the current wave of ambulance chasers going after Roundup here in the US. There is still some scientific dispute about whether Roundup is the primary culprit in a family of diseases, but after a single jury of 12 non-scientists decided that Roundup is the cause it is now legally an established fact.
-
When you run altium it doesn't work unless your license is validated by the Alitum server, and it tell you in the software whether it's legit or not.
Doesn't this imply that Altium have approved the license for use?
This is not hacked software that bypasses the Altium server check or something, right?
Hacked software often strips validation routines, such as pawning a conditional in the byte code from an equals to, to a not equals to. Vis: If not has a valid membership card then eat for free. Hackers also strip phone home addresses, often routing to localhost if another bypass mechanism is not available. So why then did the Altium server still legitimatise this phoney copy? Because it was a legitimate unabridged pirate copy?
Maybe Altiums keygen was nothing more than a weak hashing or, a DES crypt with private keys visible as strings in the binary? Or did (oops) Altium expose their keys to the world wide web due to a misconfiguration? Whatever, someone with a specific interest in Altium - why not Adobe Photoshop - spent time and effort attracting an interest from a very small community and, built a money laundering pathway.
And on this pathway, I again ask the OP if they can remember the BTC transaction id TXID, as their payment will be forever visible on a blockchain explorer. What other wallet history did/does the scammer's wallet have? Becuase this is where Altium's legal circus should be directing their enforcement effort.
-
And on this pathway, I again ask the OP if they can remember the BTC transaction id TXID, as their payment will be forever visible on a blockchain explorer. What other wallet history did/does the scammer's wallet have? Becuase this is where Altium's legal circus should be directing their enforcement effort.
True, but why lose man time amd money following a lead that could result in not being able to enforce a fine or a criminal conviction (some living in Russia or China for example) when they can go easily to who was caught with the pirate key and ask him to pay?
Clearly as this situation developed, it was way easier to get what they wanted this way.
-
And on this pathway, I again ask the OP if they can remember the BTC transaction id TXID, as their payment will be forever visible on a blockchain explorer. What other wallet history did/does the scammer's wallet have? Becuase this is where Altium's legal circus should be directing their enforcement effort.
ALL possibilities were exhausted.
-
We can thank the OP for sharing the story to serve as a warning to anyone else who thought this might be a good idea to do.
Lesson here is that if you bring your own computer to any corporate network be careful about what you let into the internet or tunnel your way out of there before going into the internet.
Probably the same will happen when you are delivering the results as the consultant. The same information is saved to your project file, when they open it at the corporate network, it checks if the computers creating the files had a legitimate license. Computer name for example is clearly displayed on the schematic properties.
-
For example, science is admissible in court, but strictly in the form of a witness testifying to such (or related material doing the same: affidavits, briefs, etc.). Two witnesses can give perfectly contradictory "scientific" evidence (on, according to science, "well proven" subjects), and this is perfectly consistent from a legal standpoint. Whereas in science, such a contradiction would be, at best, paradoxical, and more likely simply out-and-out false. But in law, such contradictions are simply unresolved allegations. Any points the parties do not contest, or consent to, or agree upon; and which the judge has not dismissed -- are left to be proven in a court, in front of a jury of peers -- if taken this far, it is left up to the common man to decide which points are legal fact and which are not. (Scary, huh?!)
Tim
AFAIK your are completely correct on this. And totally scary. This is the feedstock of the current wave of ambulance chasers going after Roundup here in the US. There is still some scientific dispute about whether Roundup is the primary culprit in a family of diseases, but after a single jury of 12 non-scientists decided that Roundup is the cause it is now legally an established fact.
I would say that this situation is not so simple. I do not know about Roundup in particular, so I am not referring to this. However, I have a close relative who worked on these sorts of cases for a number of years, and got to learn some interesting things. There are many other things that sway juries in these cases that don't make it to the general public: These include proprietary scientific data that was never published, business discussions regarding funding external entities (generally universities and associated professors) and reviews and suggested edits before publication of data, including leaving out unfavorable data. In addition, there are a surprising number of outright incriminating communications about burying undesirable scientific results. Juries do not need much scientific training to handle the latter, but these are also part of the evidence that must be weighed.
Also, at least in medical and biological sciences, scientific publications are really poor quality compared to engineering and physics, for example. It is a recognized crisis, in fact, with two main concerns: inability to replicate studies, and a paucity of negative studies.
John
-
An exception to the laxity of introducing conflicting science is "Judicial Notice." For example, if an attorney tried to present a "flat Earth" expert, the judge might take judicial notice that the Earth is roughly a sphere.
https://www.law.cornell.edu/wex/judicial_notice#:~:text=Judicial%20notice%20is%20used%20by,evidence (https://www.law.cornell.edu/wex/judicial_notice#:~:text=Judicial%20notice%20is%20used%20by,evidence)
-
Probably the same will happen when you are delivering the results as the consultant. The same information is saved to your project file, when they open it at the corporate network, it checks if the computers creating the files had a legitimate license. Computer name for example is clearly displayed on the schematic properties.
Interesting point, but I had two customers that each had Altium in-house and no problems or suspicions arose.
The exhibition provided by Altium contained the License Name, IP address, WiFi Location (if available), MAC and the activation code. And it was the activation code that I found on a list of “cracked” activations when I Googled them.
You know that feeling when your heart sinks into your stomach on learning bad news? That was the feeling.
-
We can thank the OP for sharing the story to serve as a warning to anyone else who thought this might be a good idea to do.
Lesson here is that if you bring your own computer to any corporate network be careful about what you let into the internet or tunnel your way out of there before going into the internet.
Probably the same will happen when you are delivering the results as the consultant. The same information is saved to your project file, when they open it at the corporate network, it checks if the computers creating the files had a legitimate license. Computer name for example is clearly displayed on the schematic properties.
Really? Under which keys?
Everything in a PrjPcb looks pretty stock, there's identifying information like paths and printers sure, but not the kind of stuff you're talking about. At least that I can see at a glance. (For those unaware, it's just a [section] ... key=value formatted file, plain text. So, any such data has to be stored similarly.)
Not sure if the same is true of SchDocs as they're binary, but they also largely encapsulate ASCII plaintext, by the look of it anyway, so it wouldn't surprise me if the same kind of key-value sets might be present, including for such data. (I say that despite the obvious value of obfuscating such data with some manner of binary encoding; there doesn't look to be any blocks of such present.)
Tim
-
I'm curious whether they can provide a written statement of proof of legitimate ownership. Or title if you will. Would a salesperson have the legal authority to issue such a statement? A manager? Their legal side?
When you run altium it doesn't work unless your license is validated by the Alitum server, and it tell you in the software whether it's legit or not.
Doesn't this imply that Altium have approved the license for use?
This is not hacked software that bypasses the Altium server check or something, right?
A Standalone license does not do that. In my installations when I sniff on my switch's mirror port, I see no traffic to altium. In the Preferences - Network I shut all of that off and it seems to work - no network interaction with anything... If you have a standalone license, get a netgear that you can make a port mirror all traffic, and run wireshark or some other packet sniffer..
In fact, a lot of our installs are behind one way transfers so there's no way any traffic can get down to the low/black segment. For other installs that have internet access, we are not allowed to use things like Altium or Cadence's on line crap since it's not ITAR. Altium even mentions this in their tech notes
https://www.altium.com/trust-faqs (https://www.altium.com/trust-faqs)
where:
"At present, Altium 365 does not have official government certifications and is not ITAR compliant."
There's a reason we use standalone licenses...
-
I'm curious whether they can provide a written statement of proof of legitimate ownership.
I'm sure they could, but the more appropriate question is whether it would be in their interest to do so, and I think it's pretty clear that they would consider it not to be.
-
Hacked software often strips validation routines, such as pawning a conditional in the byte code from an equals to, to a not equals to. Vis: If not has a valid membership card then eat for free. Hackers also strip phone home addresses, often routing to localhost if another bypass mechanism is not available. So why then did the Altium server still legitimatise this phoney copy? Because it was a legitimate unabridged pirate copy?
Maybe Altiums keygen was nothing more than a weak hashing or, a DES crypt with private keys visible as strings in the binary? Or did (oops) Altium expose their keys to the world wide web due to a misconfiguration? Whatever, someone with a specific interest in Altium - why not Adobe Photoshop - spent time and effort attracting an interest from a very small community and, built a money laundering pathway.
There are a few pirate Altium licenses, same ones for 10+ years?, but, it also includes instructions to copy a dll "shfolder.dll" to the Altium installation.
The included "keygen" is simply a way to change the text details of the existing license alf (to display "licensed to xx company name" like OP refers to), it will not let you generate new keys.
So if OP had been given custom installer files, you'd think it wouldn't work without the dll (I have no idea what that dll actually does though), and you'd think updates wouldn't work.
If you attempt to use the online features with the widely available crack, do they work? I don't know if someone is willing to risk it to find out.. As I mentioned above, kind of stupid but also devious, if Altium is purposefully allowing these very well known copied licenses to access their online features/365, etc.
Probably too late to check at this point, but, maybe OP can recall if it was one of the following keys:
-
.. I found a seller on a forum who claimed to be selling the assets of a large contract manufacturer located in or near Poland.
That may point to Ukraine as the source. Altium has/had a development team there. Could had been a corrupt developer or a pimp from one of local forums where leaked keys were floating which you were not aware about.
-
The confidence came when the seller sent me screen shots of my company information on the AD license page.
So I guess the moral is, if you are concerned your copy of Altium might not be legit, is to make sure your information is not on the AD license page.
-
There are a few pirate Altium licenses, same ones for 10+ years?, but, it also includes instructions to copy a dll "shfolder.dll" to the Altium installation.
The included "keygen" is simply a way to change the text details of the existing license alf (to display "licensed to xx company name" like OP refers to), it will not let you generate new keys.
So if OP had been given custom installer files, you'd think it wouldn't work without the dll (I have no idea what that dll actually does though), and you'd think updates wouldn't work.
If you attempt to use the online features with the widely available crack, do they work? I don't know if someone is willing to risk it to find out.. As I mentioned above, kind of stupid but also devious, if Altium is purposefully allowing these very well known copied licenses to access their online features/365, etc.
Probably too late to check at this point, but, maybe OP can recall if it was one of the following keys:
The activation code is in that list and as I have stated earlier in the thread, I did quite a bit of reconnaissance work but stopped short of trying to download a pirated version to test it. Your explanation seems the most plausible.
-
The confidence came when the seller sent me screen shots of my company information on the AD license page.
So I guess the moral is, if you are concerned your copy of Altium might not be legit, is to make sure your information is not on the AD license page.
I’m not understanding what you’re trying to say. My company name appears on the License page in Altium just as it did with the pirated copy. I could not tell a difference and still cannot.
-
The activation code is in that list and as I have stated earlier in the thread, I did quite a bit of reconnaissance work but stopped short of trying to download a pirated version to test it. Your explanation seems the most plausible.
So that is interesting if it works without the shfolder.dll crack, presumably once AD goes online it activates.
Says that Altium is knowingly providing online services to widely available pirated license keys.
Its in their best interests for them to keep these keys valid, for whatever reasons. Speculation in the past has always been to not make software too hard to crack, to promote wider use. But this also helps with tracking.
I’m not understanding what you’re trying to say. My company name appears on the License page in Altium just as it did with the pirated copy. I could not tell a difference and still cannot.
I think their point was that the company name on the license should be the person that sold it to you. Of course, its all completely meaningless as you know now.
.. I found a seller on a forum who claimed to be selling the assets of a large contract manufacturer located in or near Poland.
That may point to Ukraine as the source. Altium has/had a development team there. Could had been a corrupt developer or a pimp from one of local forums where leaked keys were floating which you were not aware about.
Anyone can just google and find these keys. They've been widely known for over 5 years.
But sure, original source was likely some leak or hack.
-
I think their point was that the company name on the license should be the person that sold it to you. Of course, its all completely meaningless as you know now..
I see. I interpreted it as a successful license transfer at the time.
-
FWIW (free, you get what you pay for, blah blah, etc.), in other areas of the law, knowingly allowing someone to commit a crime, or violate a contract, means that you have given permission for that activity and as a result any future case you file in court or otherwise try to prosecute can become much weaker. Trademarks are one example.
So, the longer they knowingly wait to prosecute, the thinner the ice gets, so to speak, because at some point they are allowing it to happen. A risky strategy on Altium's part, perhaps? Someday they will hit someone who is itching for a fight or feels that they have little to lose.
It seems to me is that this kind of activity is certainly going to alienate some portion of the userbase. I know for sure that if I were a consultant or independent business and absolutely needed Altium, I would save every scrap of info I ever got from Altium and ask them for written clarification on every little thing in their contract that I didn't understand. It puts the ball in their court, so to speak.
It's a shame, really. I wish they spent the money on making the tool better. I mean, engineers seem to be cheaper than lawyers these days. They are probably run by some pinhead MBA at this point...
-
One theory about this type of behavior is they want to hook newbies and others on the SW. Big companies know that few on this category can or will pay big bucks for the software. But given the large investment in learning the UI will pay up when they "go pro".
This exactly fits the OPs experience. I'm not a lawyer so have no ideà if the delay in this case puts them on thin ice, but would love to see a good lawyer pursue this defense.
-
I don't think it is a defence. They could say that it took some time to notice in the first place, and then they took some time to be sure they weren't going to cut off a real customer, and then took some time to find somewhere to send the cease and desist (the alleged end user details may well be fake, but the clients network has a company with an actual address to which the letter can be sent).
-
It is a defense, just a very difficult one to implement. It comes down to what is considered a reasonable time. This could be argued in court, but a common big company strategy is to scare people away from doing this. So, they can argue all those things, and it is difficult to prove what is reasonable or not. However, I have seen at least one company try these things and lose. They got too greedy. It just doesn't happen very often, and there may be agreements to remain quiet as part of the settlement.
-
It is a defense, just a very difficult one to implement. It comes down to what is considered a reasonable time. This could be argued in court, but a common big company strategy is to scare people away from doing this. So, they can argue all those things, and it is difficult to prove what is reasonable or not. However, I have seen at least one company try these things and lose. They got too greedy. It just doesn't happen very often, and there may be agreements to remain quiet as part of the settlement.
Agreed. Letting somebody use a pirated copy for a prolonged period, equals to allowing someone to continue. You could even argue that Altium's behaviour has maximised the damage for the OP instead of taking immediate action. Perhaps the OP can reveal some details about the time that has passed between Altium identifiying him and taking action. If that is more than several months, then a defense based on allowing the situation to continue can be succesfull (depending on the law system).
-
Perhaps the OP can reveal some details about the time that has passed between Altium identifiying him and taking action. If that is more than several months, then a defense based on allowing the situation to continue can be succesfull (depending on the law system).
3.5 years. From October 2018 through April 2022.
It was and remains a very part time role for me - less than 10 hours a week.
-
One potentially interesting legal aspect - Altium are the only ones who can say whether or not a license is genuine, but they could hardly be seen to be impartial in court, so it effectively boils down to your word against theirs, with the onus on them to prove the case..
-
One theory about this type of behavior is they want to hook newbies and others on the SW. Big companies know that few on this category can or will pay big bucks for the software. But given the large investment in learning the UI will pay up when they "go pro".
Eh, maybe, but the simpler explanation is just prioritization of legal resources. Somebody designing hobby PCBs at home for fun using a pirated version is a) less likely to have the resources to buy a license in the first place, let alone be able to pay license fees + penalties if legal action is taken b) less likely to be *profiting* from the pirated software and c) part of a very large number of people in similar circumstances. Since a larger company is more likely to have money to put towards legit licenses as well as penalties (and may have multiple pirated licenses), be risk averse enough to want to be resolve the issue quickly (if only to cover their own asses), be profiting from the use of the pirated software the return on the expenditure of resources is much better for going after them.
That doesn't mean that Altium couldn't have been a little more understanding in dealing with the OP, and especially that they shouldn't have left them hanging for so long without resolving the situation one way or another, but if you can't go after every single pirate license it's just plain sensible to go after the bigger fish that are more likely to cave to your demands. It's possible that whatever tools they use for monitoring the license checks don't even bother raising an alert if that license check comes from a residential ISP IP or a coffee shop or whatever, and only pings their enforcement team when it resolves to a commercial location.
IANAL, but I don't think the 'you didn't sue me for X time therefore you can never sue me ever' argument holds any legal weight. I certainly know that a lot of licensing agreements I've seen have a specific clause saying something to the effect that failure to take action against any particular violation of the agreement is not a waiver of the right to take action against that or any other violation at any future point in time.
All that said, it certainly does suck that the OP had to go through all of this, and that Altium weren't more understanding and responsive about it.
-
IANAL, but I don't think the 'you didn't sue me for X time therefore you can never sue me ever' argument holds any legal weight. I certainly know that a lot of licensing agreements I've seen have a specific clause saying something to the effect that failure to take action against any particular violation of the agreement is not a waiver of the right to take action against that or any other violation at any future point in time.
This is not what has been said. You can just about always sue anyone for anything, or close. It's whether you win or lose the suit. And, it is a tough thing to win on, to be sure. But, it is not impossible, just unlikely and expensive, so highly risky to pursue as a legal remedy.
It's also risky to buy a license from someone overseas in Bitcoin, at least it would appear so to me.
Gotta say, though, it does not make me think of Altium as a company to do business with unless you don't have a better choice. Unfortunately, that's the reality for some.
-
One theory about this type of behavior is they want to hook newbies and others on the SW. Big companies know that few on this category can or will pay big bucks for the software. But given the large investment in learning the UI will pay up when they "go pro".
Eh, maybe, but the simpler explanation is just prioritization of legal resources. Somebody designing hobby PCBs at home for fun using a pirated version is a) less likely to have the resources to buy a license in the first place, let alone be able to pay license fees + penalties if legal action is taken b) less likely to be *profiting* from the pirated software and c) part of a very large number of people in similar circumstances. Since a larger company is more likely to have money to put towards legit licenses as well as penalties (and may have multiple pirated licenses), be risk averse enough to want to be resolve the issue quickly (if only to cover their own asses), be profiting from the use of the pirated software the return on the expenditure of resources is much better for going after them.
I disagree. How much does it cost to send a letter or an email to somebody? It doesn't even have to be a threatening letter; it just has to say 'according to us you are using a non-registerd copy of Altium. Please check your license with your local Altium dealer'. There are likely a whole bunch of people out there that got scammed who would like to use an official Altium license.
Also there is no agreement in effect because the OP didn't buy an official Altium license. So anything that is beyond copyright in the license agreement has no value where it comes to users of pirated copies. You can not keep somebody to an agreement that was never made.
-
I have purchased numerous legitimate copies of Altium over the past 30 years starting way back when it was called Tango and then Protel.
If you have a private license server, and if you have selected the don’t phone home (Altium) option. Does Altium actually respect that and not phone home?
How does one go about verifying that Altium does not have a port open to the mother ship?
-
How does one go about verifying that Altium does not have a port open to the mother ship?
Install a good firewall.
Choose a setup that notifies you when anything want to connect to the network.
Actually when you do, you will be surprised of all the software that wants to call home.
As I said earlier, I got in trouble once with a corporate customer and since then I am using a firewall on all my visits to a client.
-
How does one go about verifying that Altium does not have a port open to the mother ship?
Install a good firewall.
Choose a setup that notifies you when anything want to connect to the network.
Actually when you do, you will be surprised of all the software that wants to call home.
As I said earlier, I got in trouble once with a corporate customer and since then I am using a firewall on all my visits to a client.
I'm looking for some guidance regarding Altium and firewall settings. I no longer have a support contract with Altium and I do have a legitimate private license server. I do not want Altium communicating with their servers, I don't see why it should be if I no longer have support.
Windows10FirewallControl is notifying me that both dxpSecurityService.exe as well as dxp.exe are attempting to make a connection. The option for No, I wish to remain disconnected from Altium is selected.
From my understanding Altium does need to get permission from the private license server, however my understanding is that should not require an outboard connection.
The correct settings for Windows Firewall control are not obvious to me:
Beyond the Enable and Disable all settings, there is a Apply permissions Zone, and the recommended setting for dxp.exe is Peer2PeerZone
Should I simply disable all or will that prevent the license server from validating Altium or should I enable Peer2Peer?
-
For a software like Altium, you for sure select "Disable All" at first.
Later you can open some ports / connections, depending if needed.
I my experience for most CAD applications, I have them on "Disable All" all the time.
-
Is there a good firewall manager program for folks who don't (want) to know anything about networking firewalls?
(asking for a friend :P)
-
Is there a good firewall manager program for folks who don't (want) to know anything about networking firewalls?
(asking for a friend :P)
Choose the free or basic version
https://www.sphinx-soft.com/Vista/order.html (https://www.sphinx-soft.com/Vista/order.html)
-
For a software like Altium, you for sure select "Disable All" at first.
Later you can open some ports / connections, depending if needed.
I my experience for most CAD applications, I have them on "Disable All" all the time.
With Disable all, the private license server does not validate Altium.
dxpsecurityservice.exe wants to communicate on TCP: 21001 as well as UDP: 20002
I'm pretty sure the private license server is on port 21001
If I enable port 21001, does that just allow communication between the private license server and the Altium program, or does it allow Altium to communicate with Altium servers over the internet?
-
Is the private license server running on another PC? If its on the same PC kinda surprised if it doesn't work.
If another local PC you can allow IP ranges in windows firewall:
Once you've added the application "ex.exe" whatever, open it in windows firewall list and click on the Scope tab.
Depending on if you are using Allow or Block. If I use Allow, then I can choose allow all local IPs. Although might still want to put in a range just in case, 192.168.0.2 to 255 or whatever.
-
Is the private license server running on another PC? If its on the same PC kinda surprised if it doesn't work.
If another local PC you can allow IP ranges in windows firewall:
Once you've added the application "ex.exe" whatever, open it in windows firewall list and click on the Scope tab.
Depending on if you are using Allow or Block. If I use Allow, then I can choose allow all local IPs. Although might still want to put in a range just in case, 192.168.0.2 to 255 or whatever.
The private license server is on the same PC. The firewall I’m using has about a dozen options for zone that I can select for that port. One of the options is LAN, it’s just not clear to me if that option actually means local as in no communication to the outside world?
-
LAN would imply no connection to the outside world yes.
WAN is outside.
Didn't realize, apparently some firewalls will block within the same PC, some will not by default: https://stackoverflow.com/questions/11302705/will-a-firewall-block-local-tcp-communication-between-processes
-
In the 4 years since I made this post I was bound and determined to keep pressing forward and had actually forgotten about this saga until recently when someone contacted me about it.
I ended up getting a ton of work almost immediately and became so busy that I started a business doing full stack type work including prototype manufacturing. I still use Altium to this day, now on their Develop platform.
-
I still use Altium to this day, now on their Develop platform.
I was moved to Agile as because of prior agreement to freeze price for 3 years after transitioning to a timed license, I got a quote for it which is just about 150$ higher than what I would pay for Developer. Also my account manager assured me that current ridiculous pricing for Agile will be reduced as they don't really make sense for situation like mine when a client has only one or two seats in Agile.