
Dictionary app auto-posts piracy accusations on users’ Twitter accounts - masto
http://www.pocketables.com/2012/11/enfour-inc-screws-up-big-time-makes-dictionary-app-auto-post-false-accusations-on-users-twitter-accounts.html
======
cs702
It would be obviously wrong and illegal for a stranger to come into your home,
secretly inventory all physical items in your possession, and then impersonate
you on, say, a global TV broadcast in which you're wrongly accused of stealing
things.

It should also be obviously wrong and illegal for any app secretly to
inventory everything in your phone and then impersonate you on a Twitter
broadcast in which you're wrongly accused of pirating things.

Evidently, the people who made this dictionary app think it's perfectly legal
to do that, and must not see anything wrong with it.

Our laws, regulations, and societal norms have a long way to go before they
catch up with technology.

~~~
__david__
Well, to continue the tortured analogy, the stranger was invited into the
home, they didn't break in. Then they presented a release form to the
homeowner saying they could impersonate him on TV, _which the homeowner
signed_. Only then did they go on TV and "impersonate" him, saying things he
didn't expect.

I don't think it's so cut-and-dry as you are making it out.

It's definitely shady, but I dare say there's nothing illegal here.

~~~
pdonis
I don't see where he gave permission for the app to post Tweets for him. He
gave it access to his Twitter account, but that's not the same thing. To
continue your analogy, the stranger was invited into his home, gave him a form
to sign that said he could inventory the items there, got it signed, and then
proceeded to publish the information in a way that wasn't mentioned on the
form.

~~~
__david__
> I don't see where he gave permission for the app to post Tweets for him. He
> gave it access to his Twitter account, but that's not the same thing.

It is _exactly_ the same thing. If you give something access to your twitter
account, you are giving it the ability to post, and therefore, tacit
permission to post.

~~~
davorak
Ability and permission are not often linked like this in real life.

If I walk up and stand two feet in front of someone I have given them the
ability to try to punch me in the face, I have not given them permission to do
so.

If I utilize a computer repair service and I grant them remote access to a
computer at their request I have likely given them the ability to run the
equivalent to rm -rf /, but I have not given them permission to.

I can grant a friend access to my house by giving them a key; that does not
mean I give them the permission to do whatever they want in my house.

In the above three cases there are legal consequences for a party when
overstepping their permissions.

------
kstenerud
Most likely, their "piracy detector" was nothing more than checking for
"MobileSubstrate" (a library present in all jailbroken phones) under the silly
assumption that jailbroken = pirated.

Booby trapped software is NEVER a good idea. No matter how clever you think
you are, you're not clever enough.

~~~
activepeanut
What do you think of disabling IAPs if IAPCracker or IAPFree is detected?

~~~
hackmiester
That sounds good, as long as you don't go on the internet and talk shit about
the user if it is detected.

Popping a message like this would be good: "Sorry, this section of the app is
incompatible with IAPCracker. Please contact support if you have received this
message in error."

~~~
idunno246
The users will still post on your forum and claim they don't know what
IAPCracker is, and argue incessantly despite having crash reports that logged
it in memory.

------
gilgoomesh
If you're an iOS app developer...

The correct way to check if your app has been pirated requires two steps:

1) You must be running on a jailbroken system. Check this by trying to read
from outside the sandbox.

2) Check if your app's signature is invalid. Checking this is fairly involved.
Look around for code.

If _either_ of these two is false, then you've _not_ been pirated (point (2)
will be true when your app is checked by Apple but point (1) will be false).

For Mac App Store apps, only point (2) is required.

The author of the app in the article has only checked point (1) (and
additionally checked an _irrelevant_ point by checking for Installous).

Incidentally, the preferred action if you've detected a pirate situation is to
exit(173).

~~~
mikecane
Does checking for those things slow down the load time of the app? Wouldn't
that punish paid users?

~~~
gilgoomesh
The files you're reading are already cached by the OS (to perform the exact
same work). The only processing involved is computing hashes and a small RSA
encryption.

Less than half a millisecond?

~~~
DHowett
You could also use access(), which will not incur any file reading overhead or
exchange of encryption keys.

------
Karunamon
Booby trapped software. Very clever, except for when it blows up in your face.

At least they only posted to twitter instead of [1] something a lot worse
(think file deletion, etc).

Generally a bad idea, if you're of the leet warez d00d type, to give any
illicitly acquired app your credentials to anything important, at least until
you've verified that it's safe.

The armchair lawyer in me wonders if someone could get a libel/defamation suit
going because of this. The average user wouldn't probably have much to go on,
but the head of a company perhaps.. yikes.

[1]: <http://www.geocities.ws/johnboy_tutorials/bt.html>

    
    
        why yes that *is* a geocities address!

~~~
praptak
> The armchair lawyer in me wonders if someone could get a libel/defamation
> suit going because of this.

As a professional certified internet _laywer_ I'd also add impersonation.

~~~
troels
Eh .. off topic, but why did you write lawyer with Y and W switched around?
You emphasised it, so I assume it was on purpose?

~~~
praptak
A silly variation on the IANAL disclaimer.

------
hospadam
The fact that the developer would only allow the app to run if the user
granted access to their twitter feed would be very annoying to me. This
scenario is exactly what Apple tried to help users avoid with Twitter
permissions. I understand the developer's wishes to stop piracy - but this is
the wrong way. Simply checking for Installous is an incredibly lazy hack to
check for piracy.

------
mnicole
For those not reading the comments --

"I would add that this problem seems to be happening with many, if not all of
the Enfour dictionary apps, not just the Oxford app that this story is about.
And Enfour seems to be attacking customers who post low reviews on their App
Store pages.

And this has nothing to do with having a jail broken iPad or iPhone. It is
happening to everyone."

".. Enfour is attacking people leaving bad reviews in the App Store, but not
by triggering their Twitter accounts. Enfour is actually responding to the bad
reviews by posting negative comments about the reviewers themselves on the
description pages of Enfour’s apps. You can see these when you access the iPad
store, but you have to click “more” for them to appear. I don’t think they
show up in the iPhone app store."

Sounds like a great company all around.

------
UnoriginalGuy
The developers are calling this a "bug."

<https://twitter.com/keitaigoddess/status/263995697571971072>

<https://twitter.com/keitaigoddess/status/263995940602535936>

~~~
CF_HoneyBadger
"Bug" my arse...someone was trying to prove a point / make a statement and it
bit them. Hard.

They will have to do some heavy backpedaling for me to believe it was a bug.
I'm a developer. I've created bugs and fixed bugs. This is not a bug. This is a
"feature".

~~~
mibbitier
It may well have been a "fun thing" they added in there, but never intended to
release to the public. The "bug" could well have been that it was enabled in
the public release.

So, it's a feature, but the bug could have been that it was unintentionally
'enabled'.

~~~
troels
So they created a weapon and accidentally fired it at someone? In most
jurisdictions, that would still be an offence.

------
mikeash
Apple needs to burn these people to the ground as an example to others. Pull
their apps, refund their customers, and ban them from all Apple platforms for
life. If Apple doesn't severely punish this sort of thing, then just what good
is their fancy walled garden?

~~~
antidoh
"just what good is their fancy walled garden?"

They are or have been the most highly valued company in the world.

The walled garden is not for our benefit.

~~~
mikeash
That is exactly what I was trying to imply. Apple and Apple fans are
constantly telling us that the walled garden is for our own good. If Apple
doesn't take severe action here, then they'll be all but admitting that our
protection has nothing to do with it.

~~~
biot
A walled garden may do a perfect job of keeping rabbits from eating crops. Yet
despite completely fulfilling its purpose, it still can't prevent vegetables
from rotting.

~~~
gee_totes
I always thought it was so none of your neighbors, not just rabbits, could get
to the crops.

------
cobralibre
It's distressing to see such colossally poor judgment on the part of Enfour.
Besides developing the ODE app from TFA, they also produce the American
Heritage Dictionary app, which is one of the better if not the best name-brand
dictionary app for iOS. I would like to support this app because I don't care
to see the professionally edited dictionary go the way of the encyclopedia,
but nonsense like this is hard to pardon.

------
pooriaazimi
I don't have this particular app, but I have Longman's Dictionary of
Contemporary English (5th ed.), also by Enfour, Inc. that I bought last year
for, I don't remember, $50 I think (at the time, now they've dropped the
price).

The latest version displays "I'm a software thief" as a notification, says to
run the app in safe mode and then crashes.

<https://itunes.apple.com/us/app/longman-dictionary-contemporary/id316133247?mt=8>

Oh, and I'm not jailbroken.

~~~
mambodog
I've got Collins Gem Malay <-> English dictionary, which requests Twitter
access, then when denied throws up a dialog saying 'Run in Safe Mode!' and
crashes.

------
mindslight
This is just the kind of thing that comes along with the philosophy that the user
shouldn't be the ultimate owner and controller of their computer.

Why isn't the app given an opaque 'twitter handle', which may be a real
account, a no-op, or has a moderated posting ability? And why is the app
allowed to view general properties of the system, looking for system software
which it deems unfavorable?

Because Apple decided that instead of implementing the above security features
(and giving their UI designers the task of making such capabilities
understandable and non-overwhelming), they would simply only allow "good"
apps. Well guess what - "good" doesn't scale.

~~~
tarabukka
"Sandboxed" apps that can even look at the system drive and inspect its
contents? Doesn't sound like much of a sandbox to me.

------
whamill
Sloppy effort on behalf of the developers. Andreas (author of the blog post)
was right to deny it permission to use his Twitter account the first few times
but gave in eventually because of the nagging.

If there was a way to see expanded permissions before allowing a program to
update perhaps he would have not updated at all?

~~~
drivebyacct2
> If there was a way to see expanded permissions before allowing a program to
> update perhaps he would have not updated at all?

You really can't do that on the App Store?

------
yock
My gut reaction is to temper my response to this because I tend to overreact
to injustice, but this is just unforgivable.

------
trotsky
I'm confused about paying $50 for a dictionary app

~~~
cobralibre
The short, glib answer is that if you have to ask why you would want to pay
for a dictionary, then you aren't the kind of person who needs to pay for a
dictionary.

The long answer is that good dictionaries, such as American Heritage
Dictionary, the Shorter Oxford English Dictionary, and the OED itself, are
produced by scholars and experts, guided by editorial panels comprised of
scholars and experts, require a great deal of work to produce (the first
edition of the OED took something like 71 years to complete!), and contain
more data (i.e., more words and more definitions per word) and generally
higher quality data than free dictionaries. You're probably willing to pay $50
for software that solves your problems, because you probably make software
yourself, and you know that it costs money to create software; an analogy can
be made here. But if a barebones dictionary works for you, then it works for
you, and don't worry about it.

So what is a good dictionary? Here's a tentative answer. A good dictionary
provides pithy, useful definitions that reflect the words' differing meanings
over time and differing contexts. Most good dictionaries also provide style
and usage guidelines (e.g., "When should I use 'lie' and when should I use
'lay'?"), and a good dictionary will also provide a word's etymology. Many
free dictionary apps use data from WordNet, which is an amazing resource, but
its focus is on tagging words with taxonomic properties (sorry, a better
phrase isn't coming to me right now) and defining the relationships between
those words, all of which is very useful for general linguistics and NLP
research. The quality of the definitions falls short, and you should be able to
confirm this by comparing just about any WordNet definition to a definition
from a good dictionary at your library.

I was hoping to find a better example, but to give yourself an idea of the
research problems that can be solved with a good dictionary, consider reading
this brief student's guide to using the OED:

<http://www.rci.rutgers.edu/~wcd/oedguide.htm>

~~~
cormullion
For those living in the UK, it's probable that you can access the online
master OED through your local council's library web site, using your
ridiculously long library card number as username.

------
smirksirlot
This is so offensive. I get piracy is an issue, but how did they ever think
this would be a legitimate solution?

Honestly, just let the quality of your app speak for itself.

~~~
mistercow
From what I understand, piracy on iOS _isn't_ an issue. The only place where
it's really significant is China. And there are two points to keep in mind
there:

1\. Stopping piracy of a single app in China is very unlikely to result in
increased sales of that app.

2\. There's no Twitter in China.

~~~
smackfu
Well, what makes something an issue? There is certainly piracy on iOS...
people jailbreak their phones and then pass around ipa files on the standard
piracy sites.

I'd say it is similar to piracy on game consoles. It exists but you need to do
something unusual to enable it, so most people don't do it.

~~~
mistercow
Right. It happens, but that's not the same as being an issue. In terms of a
developer efficiently using their time, chasing after the <5% of your users
who pirated your app, and who in all likelihood only _heard_ of your app
because it was one of the ones they found on a piracy site, is not a good
strategy.

------
darkstalker
Apps posting tweets without consent of the account owner is a violation of the
Twitter rules [1]

    
    
      Get users' permission before sending Tweets or other messages on their behalf. A user authenticating through your application does not constitute consent to send a message.
    

[1] <https://dev.twitter.com/terms/api-terms>

------
Argorak
Schemes like this do seem to pop up from time to time. Garry's Mod was the last
very well known offender in this:

<http://news.ycombinator.com/item?id=2447485> (I won't copy over my full
complaint, read it there)

<http://en.wikipedia.org/wiki/Copy_protection#Notable_payloads>
(for a very comprehensive list, but without comments about false positives)

They are all similar: they are dangerous when gone wrong, damage your brand,
expose paying customers as if they were sad idiots and - at worst - ensure
that they are ridiculed on support boards even when they have an actual
problem.

Implementing such a system shows that either the programmer or the project
owner in question is a smartass that thinks of himself as more infallible and
better than all the others that programmed such systems that subsequently went
haywire. Sorry for the harsh words, but after being bitten multiple times by
such schemes, I have no nicer ones.

------
evoxed
What happens if you don't have a twitter account? Are you unable to open the
app or does it behave normally?

~~~
DanBC
They claim "complete offline use - no internet connection is required" - but
that doesn't seem accurate when compared to the article.

------
Groxx
This is why I think every API which gives an app access to your data /
identity / etc should have a way to fake it, and track whatever it does. Using
a different account is sufficient, but what about when things are integrated,
like system-wide Twitter or Facebook? Just give us a black-hole option for
such things - return no contacts, send no messages, and let us see what it
tried to do. You'll have a lot less abuse when it's easy to find.
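
An added sketch of the brokered account handle that mindslight's and Groxx's comments describe (real, no-op, or moderated, with a record of what the app tried). It is not part of any comment in this thread and not an iOS or Twitter API; `AccountHandle`, `Mode` and `run_untrusted_app` are hypothetical names, and the posted message is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    REAL = "real"              # forward to the user's actual account
    BLACK_HOLE = "black_hole"  # accept every call, deliver nothing
    MODERATED = "moderated"    # hold each post until the user approves it


@dataclass
class AccountHandle:
    """Opaque handle the OS would hand an app instead of raw account access."""
    app_id: str
    mode: Mode
    contacts: list = field(default_factory=list)
    delivered: list = field(default_factory=list)  # stands in for the real service
    pending: list = field(default_factory=list)    # posts awaiting user approval
    audit: list = field(default_factory=list)      # everything the app attempted

    def get_contacts(self):
        self.audit.append(("get_contacts", None))
        # Only a real grant exposes data; other modes look like an empty account.
        return list(self.contacts) if self.mode is Mode.REAL else []

    def post(self, text):
        self.audit.append(("post", text))
        if self.mode is Mode.REAL:
            self.delivered.append(text)
        elif self.mode is Mode.MODERATED:
            self.pending.append(text)
        # Same reply in every mode, so the app cannot tell which handle it holds.
        return {"status": "ok"}

    def approve(self, index):
        """User-side action: release one held post to the real account."""
        text = self.pending.pop(index)
        self.delivered.append(text)
        return text


def run_untrusted_app(handle):
    """Constructed stand-in for an app that posts without asking the user."""
    handle.get_contacts()
    return handle.post("constructed message the user never wrote")


if __name__ == "__main__":
    h = AccountHandle("dictionary-app", Mode.BLACK_HOLE, contacts=["alice"])
    run_untrusted_app(h)
    print("delivered:", h.delivered)  # nothing reached the account
    print("audit:", h.audit)          # but the attempt is on record
```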

------
philip1209
Could this be considered libel?

------
mhuffman
This is a disgusting abuse of user trust! It makes assumptions about other
software and posts insinuations about you on your own twitter account!? I hope
they have repercussions enough to make others considering this either think
twice or be very upfront about what it intends to do.

------
OldSchool
I'm a fan of privacy so I don't understand the draw of twitter beyond the
original purpose of broadcasting a message to a known list of people. Perhaps
even 1-way followers if you add in celebrity types as tweet sources.

I guess the tipping point is the 'tweet back' feature. At its worst it seems
like a narcissistic 'I want to have public conversations with another
individual.'

If twitter id's were all anonymous I suppose it's no worse than a forum like
this except that the content is most likely far more personal and far less
technically valuable. I use HN to keep up on the latest technology and to some
extent business trends.

Why do people like twitter?

~~~
ramchip
One example use case I saw recently in my circle of friends: person A tweets
"wow, there's a great special on sashimi bowl at the place near the
university", person B tweets back "@a hey, I'll be in the area Friday, how
about we go for lunch? anyone else interested?", person C (common friend) sees
the conversation and tweets "@a @b hey, I'll go too". Finally a group outing
is quickly organized.

Mostly I see it used for quick conversations, funny remarks, organizing small
events, saying when you're going for a trip...

------
danso
Contact info to register complaints to the company (Enfour) is here:
<http://www.enfour.com/richard/index.html>

------
stfu
Somehow I think obviously questionable ideas like these have a positive
impact.

They are most likely teaching users a lot more about privacy than all the
warnings of us "paranoids" can achieve.

------
Aissen
Not an iOS user, so I wonder: what would have happened if you didn't have a
Twitter account? Or is it mandatory now?

------
adambratt
Honestly, I find this kind of funny.

"iPhone app goes rogue and starts defaming users via twitter"

That's not an issue people had to deal with 50 years ago haha.

------
leoh
I wonder how Oxford feels about all this...

------
stevewillows
Does this count as a violation of one of Asimov's Three Laws?

