Well spotted. 1 vb.org bonus point for you.

Well, not everyone of have that skills, im afraid. I sertanly dont.
I lay all my trust in the coders that gives out there hacks, call me perhaps naive. But i do. And since this is VBorg , i have always tought that this site dident want to bee letting coders do this because of there high reputation as serrious.

This is new fore me. And i have been here fore 2 years. ;)
I think i have put to mutch trust in the VBorg following up on this issue.

*sorry, fore my bad english*

BTW - I'm also curious about this - I believe vbulletin itself makes a call back to vbulletin.com everytime you visit your ACP, and passes back your licence code - I don't recall this being mentioned when you install vbulletin, I can't even find it in the licence - does this mean that vB now falls foul of your policy ?

I believe that's a bit different because it is the original forum software. They're not going to hard code something in that could trash your board.

Products are 3rd party code though, and you could throw just about anything in there to execute.

Besides this part from the license agreement, which you click during purchase and before downloading each .zip file. Therefor you agree to it.

http://www.vbulletin.com/order/license_agreement.php

Any questions in regards to the Jelsoft License Agreement please redirect them outside of vBulletin.org directly to Jelsoft Sales through: http://www.vBulletin.com/go/sales

Lottis,

I am there talking in general, all software. Doesn't mattter if it is a php-script, a windows application, or even an application that a company has coded in-house.

Just read it again :)

That does not exactly specify that the software has hidden functionality to call home everytime you use your admin cp - at best it's extremly vague. :)

This clears alot of things up. This is the reason why Paul was getting so much heat in the forums. I'm with Paul and TheGeek on this one. I will add my few lines of thought about the situation and move on.

Attemping to click the install link when you install a product is nothing new. I've seen this in a couple of hacks in the past. It just looks for an image of the install URL and uninstall URL. Its completely harmless and in no way shape or form does this create a sercurty issue for users installing these hacks. You should make that completely clear to the users as your main post seems to direct users that there are flaws in hacks here.

If vBulletin is allowed to do this, why can't we? vBulletin states that they occasionally will record your ip address for security and performacnce monitoring. vBulletin coder will occasionally record that you have installed this modification for statistical purposes. The only issue I could see is that the authors didn't stat this in the first post. Wouldn't this be allowed if we simply told users about this?

Either way, I will follow the new rule and I don't think this will be fare to remove accounts as this was never mentioned it the TOS of the vB.org site. Another thing I should add is that emails no longer allow me to uninstall hacks from my email. I had recived an update email and I clicked the uninstall link in the email and I was just redirected back to the portal page.

Let me quote myself again:

While I see the way you are coming at this issue, It isnt uncommonin the real world for free software to include callback functionality. When I release freeware I never have the intent of stealing inforatopn, but because it is free I know that even if it is a small majority, people are prone to remove information that by downloading and using your software they agreed too. Unlike vB most free software lacks proper legal protection and using acallback, harmless as it is, they ensure the integretity of the software hasn't been compromised as by terms of contract.

Now I agee, it isnt a kind thing to do without warning the users first,but those offenders may be code wise and can expect it. It would defeat the purpose of the validation functions. So if you bann us from using such validationhere you should at least afford the codersthe ability to report websites using their hacks released here outside the terms of the hackand have that user face consequences for their actions.

While it is trust that keeps users here, it is coders that keep the users here in the first place and sofor both groups protection needs to be afforded I feel, not just one side of the crowd, because alone they don't work together.

I hope I made my point clear
-Rimer-

PS: I have not released any hacks here under this account, but the hacks I have released donot include callbacks as they were ports and not mine originally and thus I did not feel obligated to do it since the original author had not. Hwever if I ever release custom hacks id like to see protection afforded to both sides.