Sued by Altium - Don't Do What I Did!

[envisionelec]

Around 2018 I decided it was time for a change of careers and became a full time PCB designer. I went searching for a legitimate used copy of the software. Now, at the time I had never read the EULA and didn't know there were NO SUCH THINGS as a used license. But I digress... I found a seller on a forum who claimed to be selling the assets of a large contract manufacturer located in or near Poland. After some back and forth, I paid the seller 0.2BTC which was around $1300USD at the time for the license. To verify, the seller showed me that my company name was indeed in the License which made me believe it was completely legitimate... others were vouching for the seller saying they'd purchased equipment, and all was as expected. Good.

Everything worked perfectly. I conversed with Altium reps about it, all updates always worked. I had built a small business on it. All good. In April 2022, I got a message from a client that stated they needed to get on a call IMMEDIATELY. It turns out that they had been served with a notice from Altium's legal representation that showed my company name and computer information had been "phoning home" for the time I'd plugged my workstation into their network. Further, they had logged 3 YEARS of data from my computer network, down to the LatLong of the WiFi of my home network. I was livid, furious that I had been conned and was about to lose a trusted client.

After losing my shit in anger, I managed to figure out that the seller had given me a bogus license with an activation that, when Googled, could be found in a list of "Cracked" Licenses. What I STILL DON'T understand is how the f*** my Company information was displayed in the License and on the Licensing page if it wasn't placed there by Altium. The .ALF file is pure gibberish when I view it in Notepad++. Were they working for Altium?

I was never able to track down the seller because it was all done via secure email which seemed normal for an international transaction - I reasoned the seller didn't want his information to be public. That was my undoing because I couldn't prove the transaction happened other than to show the bitcoin transaction left the wallet at the time. I am a pretty tech savvy guy but computer security and system information isn't one of my strong suits. I distinctly remember being very wary of the whole deal, and in retrospect there were red flags.

I can talk about this now, because I settled for a non-unsubstantial amount of money. I had to buy 3 consecutive years of on-demand licensing (they refused to give me the standalone) and pay a penalty. It adds up to $18k and I think I escaped relatively unharmed. Although that is a major financial hit, it could have been much worse.

[redkitedesign]

Ouch, that sucks.

Also quite awful Altium followed you for three years, they could have sued you a lot earlier.

However, used software licences exist (at least in .EU), and are valid.
And they are sold by normal companies, with normal websites who use common mail and telephone. And they accept normal credit card or back transfer payments.

If you have to jump through hoops to communicate with them, and have to pay in BTC, its probably a scam.

[EEVblog]

Ouch, that sucks.

Also quite awful Altium followed you for three years, they could have sued you a lot earlier.

It sounds like a lawsuit never actually happened here. i.e. it never went to court and Altium won a decision and were awarded damages.
Sounds like a classic case of a big company just legally threatening an individual and they buckled. That's what big companies do, they send out a threatening letter from lawyers hoping that the invidual or smaller company will just buckle and pay under the either explicity or implied threat of a lawsuit.

[Ed.Kloonk]

Open source, baby.

[Berni]

Ouch that is not fun.

I am guessing the person who sold you the license had a keygen. They sometimes put the effort in to reverse engineer the license encryption so that they can spit out unique keys using the keygen, making it harder for the software vendor to block.

A lot of other big companies do the same thing. For example Dassault Systems (the makers of SolidWorks and CATIA) will also send you greetings in the mail if you plug a machine with a cracked copy of these software into a corporate network.

[Monkeh]

What I STILL DON'T understand is how the f*** my Company information was displayed in the License and on the Licensing page if it wasn't placed there by Altium. The .ALF file is pure gibberish when I view it in Notepad++.

Likely because they do not properly sign the file. Cryptography is something companies have a long and proud history of completely, totally, and utterly failing to grasp.

[envisionelec]

It sounds like a lawsuit never actually happened here. i.e. it never went to court and Altium won a decision and were awarded damages.
Sounds like a classic case of a big company just legally threatening an individual and they buckled. That's what big companies do, they send out a threatening letter from lawyers hoping that the invidual or smaller company will just buckle and pay under the either explicity or implied threat of a lawsuit.

Thanks for weighing in, Dave. You’re mostly correct. McInnis and McLane served my client, a large corporation with an international presence with large monetary threats. My network information (MAC address, license name, lat/lon, IP addresses) were in a multi page list as Exhibit A.

I immediately called a high power copyright attorney (another USD5K) to learn my rights and made an offer to settle. That was in April. Altium dragged their feet for six months which caused me to lose the client and the remainder of the contract I had with them which would have handily paid for that settlement amount. Because of Altium’s sheer laziness to communicate with their counsel, I nearly went out of business. And this is a SIDE JOB. I work a full time career for a massive company as a PCB designer, using Altium everyday. I used Altium for what amounts to serious hobby-level work and absolutely got shafted.

In the end, I demanded that Altium release my “clients and customers” of any wrongdoing - because that was the right thing to do. I got (almost) everything I asked for, then went above and beyond and upgraded their option to get the PRO license rather than standard. I absolutely didn’t take it lying down nor did I buckle without having clear and capable legal representation. Thank you for allowing me to post this story on your forum as a warning to others that may have a cracked copy of Altium on their machines in the USA and are connected to Altium.

[mcinque]

I wonder how legitimate it is to track a user and get to have the contact information of one of his customers. Of course to enforce one's rights a person has to sue, but I don't think it's allowed "by default" to "spy" on users just because you own the software.

I'm sorry for what happened. And I'm sorry to say it but for me, for this kind of purchases, asking to be paid in bitcoin must raise suspicion.

[pcprogrammer]

This also makes me wonder what the privacy "lawyers" have to say about this. Sounds even worse then the whole cookie ordeal of web pages. Basically tracing your system every where you take it, and startup "their" software.

There is this thread about "free" software doing it too. https://www.eevblog.com/forum/chat/seems-all-the-ides-supplied-by-chip-makers-phone-home/msg4455088/#msg4455088

[rsjsouza]

Indeed. For a company that has deep pockets they could have potentially sued back with the privacy violation and reduce or dismiss the original claim entirely. Obviously that would depend on the T&C of the software and if it was enforceable or not.

To the OP: I am sorry this has happened and I am glad you came out with a "speeding ticket".

[nctnico]

Ouch, that sucks.

Also quite awful Altium followed you for three years, they could have sued you a lot earlier.

However, used software licences exist (at least in .EU), and are valid.
And they are sold by normal companies, with normal websites who use common mail and telephone. And they accept normal credit card or back transfer payments.

If you have to jump through hoops to communicate with them, and have to pay in BTC, its probably a scam.

Agreed. Needing to pay in Bitcoin and using secretive email addresses is a massive red flag. No real company would take payment in Bitcoin, use 'secure email', etc. Real companies trade openly using bank accounts in their name.

Another red flag is that -in my experience- you'll need Altium (either through their servers or through a dealer) to move a license from one computer to the other. AFAIK you can't buy a used Altium license which works on your system 'out of the box'.

Still is sucks massively for the OP that this happened. Best wishes and hope the big customer can be persuaded to become a client again.

[envisionelec]

Agreed. Needing to pay in Bitcoin and using secretive email addresses is a massive red flag. No real company would take payment in Bitcoin, use 'secure email', etc. Real companies trade openly using bank accounts in their name.

Another red flag is that -in my experience- you'll need Altium (either through their servers or through a dealer) to move a license from one computer to the other. AFAIK you can't buy a used Altium license which works on your system 'out of the box'.

Still is sucks massively for the OP that this happened. Best wishes and hope the big customer can be persuaded to become a client again.

Agreed. I was in a tight situation where I’d just gotten dropped from a contract with a firm in another state. I had moved there in hopes of being moved to full employment but was dropped unexpectedly. I was more than a little desperate to have the software. The tiny “scam alert” voice wasn’t working well that day and I readily admit that I made a big mistake. The confidence came when the seller sent me screen shots of my company information on the AD license page. 

[2N3055]

Funny thing is they used network of a corporation they have no relationship with to track down OP...
Also it is debatable, if OP didn't really buy software from them, then any contractual relationships are null and void, including Alitum's right to gather any data from OP, regardless of what it says in a blurb on a screen.
It is a piracy to use illegally purchased software, but Altium cannot spy on people without consent.That is practically industrial espionage and is highly illegal in any country. And in EU it is GDPR violation too..

[voltsandjolts]

Regarding data collection, I'm not sure that Altium has done anything illegal here. You installed their software, and allowed it to phone home with details of your PC, either by explicity allowing the connection to Altium servers or failing to manage your firewall. Same MO with Microsoft and thousands of other software providers. From the Altium EULA which all users have agreed to:

3.12. You acknowledge and agree that data provided to Altium, including but not limited to data stored in Altium 365
Service, may be retained in Altium’s records and archived indefinitely in our network backups.

[AndyBeez]

Re the mystery seller: The blockchain could be your friend. Do you have the wallet address that you paid the BTC into? How active has it the address been?

[EEVblog]

It sounds like a lawsuit never actually happened here. i.e. it never went to court and Altium won a decision and were awarded damages.
Sounds like a classic case of a big company just legally threatening an individual and they buckled. That's what big companies do, they send out a threatening letter from lawyers hoping that the invidual or smaller company will just buckle and pay under the either explicity or implied threat of a lawsuit.

Thanks for weighing in, Dave. You’re mostly correct. McInnis and McLane served my client, a large corporation with an international presence with large monetary threats. My network information (MAC address, license name, lat/lon, IP addresses) were in a multi page list as Exhibit A.

I immediately called a high power copyright attorney (another USD5K) to learn my rights and made an offer to settle. That was in April. Altium dragged their feet for six months which caused me to lose the client and the remainder of the contract I had with them which would have handily paid for that settlement amount. Because of Altium’s sheer laziness to communicate with their counsel, I nearly went out of business. And this is a SIDE JOB. I work a full time career for a massive company as a PCB designer, using Altium everyday. I used Altium for what amounts to serious hobby-level work and absolutely got shafted.

In the end, I demanded that Altium release my “clients and customers” of any wrongdoing - because that was the right thing to do. I got (almost) everything I asked for, then went above and beyond and upgraded their option to get the PRO license rather than standard. I absolutely didn’t take it lying down nor did I buckle without having clear and capable legal representation. Thank you for allowing me to post this story on your forum as a warning to others that may have a cracked copy of Altium on their machines in the USA and are connected to Altium.

Thanks for sharing.
Yikes, that's more involved than I imagined.
Very poor form on Altium's part, they should have just said "you are using a bogus license, we understand you might have have gotten duped, please buy a license at a discount otherwise we'll have to take it further.". Probably cost Altium more in legal fees than they got from you. As always the winners are the lawyers.

[EEVblog]

Funny thing is they used network of a corporation they have no relationship with to track down OP...
Also it is debatable, if OP didn't really buy software from them, then any contractual relationships are null and void, including Alitum's right to gather any data from OP, regardless of what it says in a blurb on a screen.
It is a piracy to use illegally purchased software, but Altium cannot spy on people without consent.That is practically industrial espionage and is highly illegal in any country. And in EU it is GDPR violation too..

Yes. if you wanted to take such a case all the way there is a better than average chance that you'd "win". I use "win" in quote marks because you don't actually, it would suck away all your life and money in the process.

[2N3055]

Regarding data collection, I'm not sure that Altium has done anything illegal here. You installed their software, and allowed it to phone home with details of your PC, either by explicity allowing the connection to Altium servers or failing to manage your firewall. Same MO with Microsoft and thousands of other software providers. From the Altium EULA which all users have agreed to:

3.12. You acknowledge and agree that data provided to Altium, including but not limited to data stored in Altium 365
Service, may be retained in Altium’s records and archived indefinitely in our network backups.

It does not work that way. Implicit contracts are not a thing. Just ask Microsoft and their EU fiasco..
You have to show some contractual relationship, proof of sales, proof of payment or some other document showing user did enter into willing contract with other party and by doing that it had to agree to Terms of agreement.. Even then, a signed Terms of agreement is needed if you want to be sure it's a slam dunk.

Fact is that even if you are a real thief, none of your acts are a waiver of your basic human rights. And a private organization has no authority or jurisdiction or even company license to perform intelligence operations or investigations of any sorts. Not to mention that NSA might be interested Australian company is performing industrial espionage of US corporations..

Not sufficiently blocking them from firewall (which you couldn't because you didn't know they were "threat actor")  is "why did you allow to be raped" type of comment. You didn't allow it and other side exploited your vulnerabilities.. You being easy target doesn't make it right.

But as Dave said, I'm sure what Altium did was illegal, but none of us have 10 million USD for legal team to pursue that.
Not that I would purchase 1300 USD janky license for bitcoins from some nonentity anyways..

[mcinque]

Regarding data collection, I'm not sure that Altium has done anything illegal here.

calling home with some details it's ok.
mapping his customers and contacting them, DEFINITELY NOT!

[envisionelec]

Regarding data collection, I'm not sure that Altium has done anything illegal here.

calling home with some details it's ok.
mapping his customers and contacting them, DEFINITELY NOT!

What irks me is they didn’t contact anyone UNTIL I plugged into a “high value asset” network. Choice words have been used. They obviously thought they were getting a payday.

[mcinque]

they didn’t contact anyone UNTIL I plugged into a “high value asset” network

Yes, it is a deliberate strategy. And it means that they are not only aware of basic information, but also a certain amount of details, and they cross-reference this information with each other to arrive at conclusions and figure out when the prey should be hit.

A company has the right to protect itself, not working for free and allowing "piracy", of course.

But what I'm reading I'm pretty sure is something that is not allowed under current Privacy regulations, at least in civilized countries.

[HighVoltage]

What irks me is they didn’t contact anyone UNTIL I plugged into a “high value asset” network. Choice words have been used. They obviously thought they were getting a payday.

I had the same a few years ago with a different software package (Not Altium).
Similar circumstances.
No action taken for many years.

Suddenly, when I visited a high profile customer, the legal action started.
As if they knew, that this customer had deep pockets.

This really sucks!

[Black Phoenix]

Good luck trying to enforce this measure in Mainland China... All companies I've done some jobs for the only original software would be Windows if the PC was sold with it Pre installed, like a workstation or a laptop.

If it was build, not even the OS would be official...

To be sincere I would love to see Altium try, as Dassault Systèmes, Microsoft and Adobe...

Sucks to be the OP really, I just hope he gets enough work from now on to offset the costs he had.

[james_s]

The data collection is enough to convince me to not use Altium. I'll continue to get by with KiCAD, it's good and getting better all the time. No license to worry about at all.

[boB]

Yeah, another reason for my belief that the only real  use of crypto-coin is for illegal operations.

That and maybe stock market like gambling.

boB