******* add-on cannot be uninstalled

[Daniel Hood]

The buyer beware approach is dead wrong in my opinion dead wrong. Nice that just because some of you can read code you have no interest in protecting my interests only your own

The way these sentences read is as if they are connected. My buyer beware stance has nothing to do with reading code, technically before you buy even if you could read code, you can't read that code.. That stance also doesn't just apply to XenForo add ons. My buyer beware stance applies to getting a new computer, a new gaming console, a new car, a new phone provider, etc...

I never make the assumption that everyone can read code because the majority of people can't, it'd be a dumb assumption. The amount of people that can read plain text is pretty high though, and I do assume that you should read a discussion thread about the add on (more would be preferable) before throwing $20 out the window.

 

[Ridemonkey]

I have to ask... What would you consider a proper declaration?

Well, okay, that was a little broad and didn't really capture the intent. The other thread I started was really what I am looking for - a basic description of what you've implemented to validate licensing.

I don't think the slippery slope argument is useful here. A basic, up front understanding of what can cause your add-on to suddenly become non-functional through no changes or any particular fault of your own isn't unreasonable, I don't think

 

[Snog]

A proper declaration in your case (and in all other cases) would be to describe in detail what information you collect and if (and for how long) it is stored at your server.

In your special case, you should also state that you're going to deliver and deploy all updates directly from your server and provide an optional method to skip this for a manual process.

Uninstall or even install routines that requires the server of the add-on developer to be online should generally not be allowed. What if someone goes out of business?

I my case, the site URL and server IP address is permanently stored with the license.

Providing a way to skip the online install process won't happen. That opens the add-on up for piracy (it has happened to me once already).

The install routines for my paid add-ons do require my server to be online and that won't change. It's the most logical method to deliver updates quickly and efficiently to my clients. If I go out of business, the add-ons will be transferred to someone else.

The uninstall routine is delivered with the add-on and will function without 'calling home' to my servers.

Once installed, none of my add-ons 'call home' for any reason.

Now I understand some of what I said might seem a little harsh. But, when a valid XF license holder distributed an add-on of mine on a pirate site, it leaves me with no other choice. And if it should happen again, I'll have to review my delivery method again.

EDIT: I have to add that the one time someone tried to distribute a 'hacked' version of one of my add-ons that uses the current delivery method, it crashed several sites that tried to use it. I feel no guilt or shame because of that.

 

[Daniel Hood]

I agree with most of this, but I have a little bit of an issue with "people still act surprised when all they had to do was read." I agree that people should do a little research into who they're buying from and what they're installing, but what can appear to someone watching as a long track record of bad practices can actually be hard to find doing forum searches. It's not always easy to piece together a history from searches, especially when you don't know what you're specifically searching for.

I mean, how would you find this particular issue? If I search for "*******" I get a freakin' ton of results that are mostly resources. If I search for "******* problem" I get mostly support questions in the resource threads. "******* scam" returns this thread, but only this thread, so there's no history/track record, and the only reason that even shows is because ONE person in this thread said they didn't want to buy from scam artists - not even directed at *******. It's hard to know what to research for.

In any event, there's no way that the XF staff could effectively review all code, but that doesn't mean they can't assert themselves a little. If an agreement can be reached about what does need to happen (e.g. proper declaration of when calls are made outside the XF install server), it puts the staff in a position to be able to act if such practices are discovered and brought to the staff's attention.

Sorry, I just saw this post, for some reason it took me a couple posts past this when I first clicked the thread.

I get what you're saying, ******* actually doesn't have a long track record yet though in my opinion. His shady tactics have somehow just been pointed out in the past couple weeks. But for the most part these "I bought an add on that doesn't work", "I can't get support", etc could have been obvious by just reading the thread discussion. I don't expect everyone that buys a XenForo addon to have a mental index of every post in the forums but I do expect them to skim the discussion thread of the add on they're about to buy. And if it's expensive, skim some more of the author's posts.

Back to ******* though, a couple of his issues could have been noticed just by reading. A lot of people didn't realize it was a subscription plan he forced people on... he can't do that through paypal without paypal atleast mentioning it on the page for you. I get some people don't expect it but you have to be some level of responsible. These are the same people that probably sign random documents without reading them or having someone read them. It's going to eventually bite you.

I don't think anyone deserves that, I wish the world was perfect and nobody would be out to get you or myself. I wish there weren't pirates so ******* didn't have to make this so hard and do such weird things. It's the world though and these weird behaviors aren't limited to XenForo.

 

[JABRONI]

This is most heinous, dude.

 

[FredC]

The way these sentences read is as if they are connected. My buyer beware stance has nothing to do with reading code, technically before you buy even if you could read code, you can't read that code.. That stance also doesn't just apply to XenForo add ons. My buyer beware stance applies to getting a new computer, a new gaming console, a new car, a new phone provider, etc...

I never make the assumption that everyone can read code because the majority of people can't, it'd be a dumb assumption. The amount of people that can read plain text is pretty high though, and I do assume that you should read a discussion thread about the add on (more would be preferable) before throwing $20 out the window.

I myself am dyslexic and have severe ADD some of the things you assume as common I find very difficult at times. Let's face it we are not all equals hear some of us require a bit more handholding than others however I find it very shady that somebody would treat me differently because of my personal shortcomings.

I have every confidence the team at XF will come up with a brilliant solution they are almost famous for this.

 

[FredC]

Sorry, I just saw this post, for some reason it took me a couple posts past this when I first clicked the thread.

I get what you're saying, ******* actually doesn't have a long track record yet though in my opinion. His shady tactics have somehow just been pointed out in the past couple weeks. But for the most part these "I bought an add on that doesn't work", "I can't get support", etc could have been obvious by just reading the thread discussion. I don't expect everyone that buys a XenForo addon to have a mental index of every post in the forums but I do expect them to skim the discussion thread of the add on they're about to buy. And if it's expensive, skim some more of the author's posts.

Back to ******* though, a couple of his issues could have been noticed just by reading. A lot of people didn't realize it was a subscription plan he forced people on... he can't do that through paypal without paypal atleast mentioning it on the page for you. I get some people don't expect it but you have to be some level of responsible. These are the same people that probably sign random documents without reading them or having someone read them. It's going to eventually bite you.

I don't think anyone deserves that, I wish the world was perfect and nobody would be out to get you or myself. I wish there weren't pirates so ******* didn't have to make this so hard and do such weird things. It's the world though and these weird behaviors aren't limited to XenForo.

This post is a good example of what I'm talking about I actually did raise this exact concern last year nobody cared.

 

[Slavik]

I have every confidence the team at XF will come up with a brilliant solution they are almost famous for this.

We've had a few different ideas and discussions about the pro's and con's of each.

 

[Luke F]

I don't know what the outcome of this debate will be, but I have two hopes:

- Developers remain free to handle payments themselves
- Developers can continue to distribute addons via their own means, within reason (e.g. email)


As far as 'calling home' goes, personally I don't think it is suitable or necessary, and won't be adding anything of the sort to my addons any time soon.

 

[John L.]

I've been lurking around this thread for a few days wondering how appropriate it would be as an addon developer to chime in. I admit, I'm no coder. My business partner and friend is the programming muscle behind this operation. My background is more in the design (web development) spectrum and making sure the business side of things run smoothly.

I won't really get into @******* and their process/products. I don't feel that's appropriate as another developer to do, but I will speak on our process. We use WHMCS as our billing system of choice. I've been very familiar with it so it was easy for me to setup and get everything up to speed. It also provides a licensing addon which we are using to help keep piracy down. I don't think there is any developer out there who thinks that the methods we perform are going to stop piracy, but at least in my case it makes me feel better knowing we are doing something.

Any licensing system you're using as a developer shouldn't have to capture much data at all. Server IP, Domain Name and Installation Path. That's about it. And you shouldn't have to make any calls home unless you're placing a license key into your options or upgrading the addon. Installing and uninstalling shouldn't require that in my honest opinion.

 

[Gemma]

This has all been blown way out of proportion. A poor decision was made about how an author's licensing works. Let him correct it and see how it goes.

Totally agree with this.

 

[Slavik]

I don't know what the outcome of this debate will be, but I have two hopes:

- Developers remain free to handle payments themselves
- Developers can continue to distribute addons via their own means, within reason (e.g. email)


As far as 'calling home' goes, personally I don't think it is suitable or necessary, and won't be adding anything of the sort to my addons any time soon.

Things like that wont change, but its most likely going to be some sort of facebook / google app style disclosure required, so people will be informed about just whats going to happen when they click the install button.

Nothing is set in stone though yet until Mike makes the final call.

 

[Brivium]

Dear @All

Thanks so much for all opinion & feedback and we apologize for any inconvenience caused. We will update our Privacy Policies and will update all our products to fit with new policies asap.

NEW ONLINE LICENSE VALIDATION POLICY (WILL BE AFFECTED AFTER 19/09/2014)

To fight piracy, some products may contain online license validation. As many man-hours have been put into creating the wonderful products you are using, it is sad that there are people who don't respect that and use illegal methods to create their own license.

At *******, we think that as a paying customer, you won't mind this validation, as it prevents others to enjoy the same applications for free while you paid for it.

Online license validation works by sending your Forum URL, no additional or personal information will be sent. After sending the Forum URL to *******, the application will receive an answer from server that indicates whether the license was purchased at ******* or not.

If the application determines the license wasn't purchased at ******* it will unable to install the product, at that point no additional information will be sent to *******. If your license could be validated online (which will be the case if you purchases your license at *******) your product will be installed and the validation succeeded.

We hope you will find these terms satisfactory and look forward to the pleasure of your order.

Regards,

 

[Alpha1]

@******* Will your new validation method only be carried out on install? Not on upgrade, uninstall or other times?

 

[Brivium]

@******* Will your new validation method only be carried out on install? Not on upgrade, uninstall or other times?

Yes, It will validator only on install progress.

 

[Floyd R Turbo]

@******* will you also be issuing updates for all of your addons, or will this not be necessary as this is something only done on the server side?

 

[Brivium]

@******* will you also be issuing updates for all of your addons, or will this not be necessary as this is something only done on the server side?

We must to update our client library to fit with new privacy policies. Therefore, we need at least 1 week to solve it and upgrade all our products.

Regards,

 

[Naz]

I understand that. What I don't understand is how preventing them from uninstalling the add on helps that situation at all. I get call homes during installation, uninstallation seems rather odd though.

I'm glad you've resolved it.

Haven't read the entire thread yet, but I'll throw in my two pence.

A while back, a client of mine needed a ticket system for a move from vB to XF and at the time, ******* had released one. So instead of reinventing the wheel we went and brought that one. Turned out to be a lot more trouble than it was worth (I wrote a review about it somewhere, I believe). When you install the addon, it calls home after sending your server information to *******'s server(s). I'm assuming server side a check is done against that data to check whether or not you have a valid license for that URL. If you didn't, the installer breaks, the addon was 'installed' but missing database tables. So because I was testing locally it didn't work. Further digging led me to discover that during install, after the call home is successful, MySQL queries are sent back and executed. I'm assuming this is why the uninstaller also calls home, it checks if you have a valid license and if you do it sends you back what tables need to be dropped. I completely disagree with this practice and totally un-needed information is sent to *******.

I just ended up making my own ticket system, took longer than having a premade one but it works locally for testing with no silly anti-piracy restrictions.

 

[Alpha1]

We must to update our client library to fit with new privacy policies. Therefore, we need at least 1 week to solve it and upgrade all our products.

Regards,

It's nice to read that you will implement this improved policy.

Will you also remove (ex)customers from your discouraged user list? I don't think it's a good idea to limit accounts of users who place critical reviews. I think you understand now that criticism was useful to improve your policy.

 

[Kevin]

Further digging led me to discover that during install, after the call home is successful, MySQL queries are sent back and executed.

That is that the part that would bother me, not the actual data being sent. I have no problem at all with devs including call home functions to verify the domain I am installing a paid product on, I do however have an issue with code being dynamically generated and ran on my server that I can't tell what it is doing or where it came from.