Important: It is all about trust

[Marco van Herwaarden]

Quote:

Originally Posted by Paul M

I spotted Limewire

Well spotted. 1 vb.org bonus point for you.

[Lottis]

Quote:

Originally Posted by amykhar

you know, any of you who know how to read php could always go read the code in the product installs and such and know immediately who is calling external functions from the code. You don't need staff to tell you who the bad guys are.

Well, not everyone of have that skills, im afraid. I sertanly dont.
I lay all my trust in the coders that gives out there hacks, call me perhaps naive. But i do. And since this is VBorg , i have always tought that this site dident want to bee letting coders do this because of there high reputation as serrious.

Quote:

Originally Posted by MarcoH64

The fact that you install any software, could always possibly open you to unknown harmfull actions by the coder of that software. This is not really something new.

This is new fore me. And i have been here fore 2 years.
I think i have put to mutch trust in the VBorg following up on this issue.

*sorry, fore my bad english*

[Paul M]

BTW - I'm also curious about this - I believe vbulletin itself makes a call back to vbulletin.com everytime you visit your ACP, and passes back your licence code - I don't recall this being mentioned when you install vbulletin, I can't even find it in the licence - does this mean that vB now falls foul of your policy ?

[Protoman]

I believe that's a bit different because it is the original forum software. They're not going to hard code something in that could trash your board.

Products are 3rd party code though, and you could throw just about anything in there to execute.

[Floris]

Quote:

Originally Posted by Paul M

BTW - I'm also curious about this - I believe vbulletin itself makes a call back to vbulletin.com everytime you visit your ACP, and passes back your licence code - I don't recall this being mentioned when you install vbulletin, I can't even find it in the licence - does this mean that vB now falls foul of your policy ?

Besides this part from the license agreement, which you click during purchase and before downloading each .zip file. Therefor you agree to it.

Quote:

From time to time, Jelsoft may inspect your registration integrity. This will be done without collecting any information whatsoever about your server or your users. The only information verified will be your licence number and the domain on which the software is run. Should Jelsoft discover discrepancies in the software usage, be aware that you may lose your licence and may face legal actions for Software Piracy. Your information will not be shared with 3rd parties. Occasionally, it is necessary to record your IP address for security and performance monitoring.

http://www.vbulletin.com/order/license_agreement.php

Any questions in regards to the Jelsoft License Agreement please redirect them outside of vBulletin.org directly to Jelsoft Sales through: http://www.vBulletin.com/go/sales

[Marco van Herwaarden]

Quote:

Originally Posted by Lottis

This is new fore me. And i have been here fore 2 years.
I think i have put to mutch trust in the VBorg following up on this issue.

Lottis,

I am there talking in general, all software. Doesn't mattter if it is a php-script, a windows application, or even an application that a company has coded in-house.

[Paul M]

Quote:

Originally Posted by Floris

Besides this part from the license agreement, which you click during purchase and before downloading each .zip file. Therefor you agree to it.

Just read it again

Quote:

From time to time, Jelsoft may inspect your registration integrity. This will be done without collecting any information whatsoever about your server or your users.

That does not exactly specify that the software has hidden functionality to call home everytime you use your admin cp - at best it's extremly vague.

[Logikos]

This clears alot of things up. This is the reason why Paul was getting so much heat in the forums. I'm with Paul and TheGeek on this one. I will add my few lines of thought about the situation and move on.

Attemping to click the install link when you install a product is nothing new. I've seen this in a couple of hacks in the past. It just looks for an image of the install URL and uninstall URL. Its completely harmless and in no way shape or form does this create a sercurty issue for users installing these hacks. You should make that completely clear to the users as your main post seems to direct users that there are flaws in hacks here.

Quote:

From time to time, Jelsoft may inspect your registration integrity. This will be done without collecting any information whatsoever about your server or your users. The only information verified will be your licence number and the domain on which the software is run. Should Jelsoft discover discrepancies in the software usage, be aware that you may lose your licence and may face legal actions for Software Piracy. Your information will not be shared with 3rd parties. Occasionally, it is necessary to record your IP address for security and performance monitoring.

If vBulletin is allowed to do this, why can't we? vBulletin states that they occasionally will record your ip address for security and performacnce monitoring. vBulletin coder will occasionally record that you have installed this modification for statistical purposes. The only issue I could see is that the authors didn't stat this in the first post. Wouldn't this be allowed if we simply told users about this?

Either way, I will follow the new rule and I don't think this will be fare to remove accounts as this was never mentioned it the TOS of the vB.org site. Another thing I should add is that emails no longer allow me to uninstall hacks from my email. I had recived an update email and I clicked the uninstall link in the email and I was just redirected back to the portal page.

[Floris]

Quote:

Originally Posted by Paul M

Just read it again


That does not exactly specify that the software has hidden functionality to call home everytime you use your admin cp - at best it's extremly vague.

Let me quote myself again:

Quote:

Any questions in regards to the Jelsoft License Agreement please redirect them outside of vBulletin.org directly to Jelsoft Sales through: http://www.vBulletin.com/go/sales

[Rimer dal]

While I see the way you are coming at this issue, It isnt uncommonin the real world for free software to include callback functionality. When I release freeware I never have the intent of stealing inforatopn, but because it is free I know that even if it is a small majority, people are prone to remove information that by downloading and using your software they agreed too. Unlike vB most free software lacks proper legal protection and using acallback, harmless as it is, they ensure the integretity of the software hasn't been compromised as by terms of contract.

Now I agee, it isnt a kind thing to do without warning the users first,but those offenders may be code wise and can expect it. It would defeat the purpose of the validation functions. So if you bann us from using such validationhere you should at least afford the codersthe ability to report websites using their hacks released here outside the terms of the hackand have that user face consequences for their actions.

While it is trust that keeps users here, it is coders that keep the users here in the first place and sofor both groups protection needs to be afforded I feel, not just one side of the crowd, because alone they don't work together.

I hope I made my point clear
-Rimer-

PS: I have not released any hacks here under this account, but the hacks I have released donot include callbacks as they were ports and not mine originally and thus I did not feel obligated to do it since the original author had not. Hwever if I ever release custom hacks id like to see protection afforded to both sides.