SA engineer slapped with R100,000 demand for pirated copy of Solidworks

Hamster

Resident Rodent
Joined
Aug 22, 2006
Messages
38,508
Curios to know how they detected the software was installed on a specific pc and then link it to the company
Call home with the host's DNS name, current username, IP address etc?

What am I missing? Sounds pretty straightforward to me.
 
Last edited:

Gnome

Executive Member
Joined
Sep 19, 2005
Messages
6,396
Call home with the host's DNS name, current username, IP address etc?

What am I missing? Sounds pretty straightforward to me.
That is illegal in just about every place in the world. Even if the software is pirated.
 

Hamster

Resident Rodent
Joined
Aug 22, 2006
Messages
38,508
That is illegal in just about every place in the world. Even if the software is pirated.
Even if you agree to it in T&Cs? What law does it break btw?

My Google, Apple and Windows accounts know the device names and last dates they were used. So what's the difference?
 

system32

Expert Member
Joined
Dec 29, 2009
Messages
4,537
Thats why i keep to Notepad++ and WinSCP on my work machine
Good choice.
Also 7-Zip, vlc, paint.net, PuTTY (although lately been preferring Cygwin mintty)

You have to be careful.
Some software is only "free to download" or free for "personal use".
 

Gnome

Executive Member
Joined
Sep 19, 2005
Messages
6,396
Then you want to uninstall windows.
I don't have Windows installed but they aren't allowed to collect personally identifying information on you. It even says so in their T&C if you read it.

What law does it break btw?
You see the nice thing is you don't even need to break any laws in South Africa (and btw. in South Africa you own personally identifying information of yourself so a company needs your explicit permission to use it)

Working for a large international software firm and having spoken to some of my friends at Facebook & Google the same story is true everywhere. Companies are applying GDPR pretty widely because it is nearly impossible to tell to whom it applies. How do you know a person's citizenship status without breaking the laws of many of first world countries?

If you are a resident or citizen of the EU (many people in the world are), the GDPR still applies to you (and companies trying to use your data), whether you are in the EU or not.

So how do you go about collecting that kind of data internationally without breaking the law in some other countries?

Even if you agree to it in T&Cs?
There is this perception that you can sign away all rights. Like you can sign away your labour rights, your consumer protection rights, your right to life, etc. Don't assume a T&C is legally valid or binding. GDPR for example can't be signed away.

Also how exactly would that T&C go?
I hereby sign away my right to privacy and allow company X to collect any and all personally identifying information on me?
I allow company X to use anything they collect on me on my computer in a lawsuit against me? (basically self incrimination clause?)

That is broader than any judgement a court can give the police, yet somehow you think they can do this with an "I agree" button? How would you enforce that in a court and argue that your conditions were not overly permissive, vague and didn't infringe on a person's basic constitutional rights?

Maybe link me to some T&Cs that allow companies to collect and use personal information for incrimination. I'm genuinely curious how that T&C goes and in which country that company is headquartered
 

InternetLuddite

Expert Member
Joined
Feb 23, 2016
Messages
2,253
if you have unlicensed, cracked software running on your work laptop or torrent downloads on your hdd... within 24 hours.....you get a nice reminder from IT - to remove unlicensed software.... and follow up by "please complete refresher tutorial : Unlicensed software, Illegal downloads on your work issued laptop" from HR .... and a session booked with your division HR and line manager...
Our security policies so tough, that no one (including IT) has local Admin access . The local Admin account to be used for installing software has its password changed daily. You add your account to the admin group, it's removed.

Also inventoried to hell and back. I don't mind not having admin permissions - very hard for us and our users to f up machines that way.

Only thing I would like to do is disable USB portable drives from connecting to our corporate laptops. While folks are forced to encrypt the portable drive if they write to it from corporate PC , these morons are setting password as password. With POPI coming in, don't need that risk.
 

InternetLuddite

Expert Member
Joined
Feb 23, 2016
Messages
2,253
Powershell 3 and up it's been superseded by CimInstance:
Bash:
Get-CimInstance -Class Win32_OperatingSystem -Namespace "root\cimv2" | format-list Organization,RegisteredUser

Note CimInstance is backward compatible with the default installed powershell in W10 as well, and has been for a long time (since CimInstance change was Windows Server 2012 if I remember correctly), I would suggest you swap over those commands.
Why did I read that as CrimInstance? #NotGuilty
 

Illegal Allien

Well-Known Member
Joined
Apr 5, 2018
Messages
141
if you have unlicensed, cracked software running on your work laptop or torrent downloads on your hdd... within 24 hours.....you get a nice reminder from IT - to remove unlicensed software.... and follow up by "please complete refresher tutorial : Unlicensed software, Illegal downloads on your work issued laptop" from HR .... and a session booked with your division HR and line manager...
I once connected to my machine a flash drive with a portable Qbittorrent on it which i had totally forgotten about, got a written warning for that. i would hate to imagine what would have happened had i been running a *R100 000* pirate software.
 

Corelli

Expert Member
Joined
Jun 20, 2008
Messages
1,852
Companies often do audits of what software runs on their machines. Normally Microsoft and Adobe are the big names that does the audits. The problem is with digital licenses. These must be kept somewhere, and usually companies loose these and then its difficult to prove which licenses belong to you. I wish they would go back to those license certificates, I hate the digital licenses. So each year I must pull our old emails (that I now printed and filed). To prove to Adobe that we are licensed to use their software, even though my licensing department keeps misplacing the licenses. Thank goodness for those we actually got boxes initially (older versions). So I sent them the scans of the licenses from the boxes too. But the Microsoft ones, such a headache.
 

Johand

Expert Member
Joined
Jan 21, 2005
Messages
1,683
Companies often do audits of what software runs on their machines. Normally Microsoft and Adobe are the big names that does the audits. The problem is with digital licenses. These must be kept somewhere, and usually companies loose these and then its difficult to prove which licenses belong to you. I wish they would go back to those license certificates, I hate the digital licenses. So each year I must pull our old emails (that I now printed and filed). To prove to Adobe that we are licensed to use their software, even though my licensing department keeps misplacing the licenses. Thank goodness for those we actually got boxes initially (older versions). So I sent them the scans of the licenses from the boxes too. But the Microsoft ones, such a headache.
The under appreciate advantage of Office 365 subscriptions. License management just becomes a lot easier :)
 

itareanlnotani

Expert Member
Joined
Sep 14, 2008
Messages
3,887
We got a letter once from Microsoft telling us we needed to pay for our Windows licences.
Laughed, and told them to F off - we're a Mac shop.

Not keen on how software has moved to subscription only these days, Sketchup, Autocad, Creative Suite. etc
Pure money grab really.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
39,858
I don't have Windows installed but they aren't allowed to collect personally identifying information on you. It even says so in their T&C if you read it.


You see the nice thing is you don't even need to break any laws in South Africa (and btw. in South Africa you own personally identifying information of yourself so a company needs your explicit permission to use it)

Working for a large international software firm and having spoken to some of my friends at Facebook & Google the same story is true everywhere. Companies are applying GDPR pretty widely because it is nearly impossible to tell to whom it applies. How do you know a person's citizenship status without breaking the laws of many of first world countries?

If you are a resident or citizen of the EU (many people in the world are), the GDPR still applies to you (and companies trying to use your data), whether you are in the EU or not.

So how do you go about collecting that kind of data internationally without breaking the law in some other countries?


There is this perception that you can sign away all rights. Like you can sign away your labour rights, your consumer protection rights, your right to life, etc. Don't assume a T&C is legally valid or binding. GDPR for example can't be signed away.

Also how exactly would that T&C go?
I hereby sign away my right to privacy and allow company X to collect any and all personally identifying information on me?
I allow company X to use anything they collect on me on my computer in a lawsuit against me? (basically self incrimination clause?)

That is broader than any judgement a court can give the police, yet somehow you think they can do this with an "I agree" button? How would you enforce that in a court and argue that your conditions were not overly permissive, vague and didn't infringe on a person's basic constitutional rights?

Maybe link me to some T&Cs that allow companies to collect and use personal information for incrimination. I'm genuinely curious how that T&C goes and in which country that company is headquartered

As I recall GDPR only applies to dealing/sharing with third parties and needing to anonymise the data.

If you are the direct custodian there should be no problem with keeping such data.

Otherwise how on earth is any company providing digital licensing if they aren’t allowed to retain their own customer’s data?

So of course Microsoft knows who you are and what licenses you hold and all related data to it. They just can’t tell a third party about that or need to have guarantees in place that they also conform to GDPR standards and removal of data up request or the termination of services.
 

Conack

Expert Member
Joined
Oct 3, 2005
Messages
1,939
Spoke to someone involved at the company (he wasn't aware of this specific case) but he did tell me that their APAC (Anti-Piracy And Compliance) has grown to become one of the most lucrative departments in the company after they assembled a team of lawyers & IT to trace and tackle people/companies using their software.

With penalties like these one can see why.
 
Top