Taking it to the pirates | webOS Nation

Taking it to the pirates

by DanPLC Sat, 04 Feb 2012 12:49 pm EST

As a webOS developer, Dan Perlberger has been responsible for the creation of popular apps like Music Player (Remix), Quick Post, and GeoStrings. He's also leading a crusade against webOS app pirates, and he's not taking any prisoners.

Most of you reading this are good honest people who understand that you need to pay for goods whether they're digital (apps, music, etc.) or physical items you find in a store. However there are some folks out there that think it's ok to steal digital content even though they would never steal items off a shelf in a store. Pirates don't realize, or maybe don't care, that they're hurting developers by freely re-distributing their apps. Most webOS developers, in fact most app developers, are not large corporations. They're individual developers or small teams trying to build a business. Some are even students trying to earn money for their education.

I knew getting into app development would inevitably lead to my apps being pirated. Up until recently I held the belief that there really wasn't anything I could do to stop it. But recently I decided to take a stand and see what I could do to fight the pirates.

When webOS 3.0.5 was released I rushed to update my app Music Player (Remix) - the update to webOS had essentially broken my app. I was able to submit the fix to the App Catalog that night and it was approved and available for download to my customers within a few days. Those that had pirated the app, however, were stuck with the older version that didn't work with webOS 3.0.5, since the App Catalog has security features in place to prevent those with paid versions of an app but no record of that payment from getting updates or being able to redownload the app from the Catalog.

(editors note: We at webOS Nation are not going to discuss the specifics of how webOS app piracy works, nor are we going to mention or link to the specific sites involved in app piracy. It's wrong, it hurts developers, and thus users. We do not and will not stand for or tolerate piracy.)

So I thought this would be the perfect opportunity to run a little experiment - and maybe have a little fun in the process. I went to one of the sites that was sharing a link to a pirated copy of my app being hosted on a file sharing site. I went to the file sharing site and looked for a way to report a copyright infringement. Turns out it was a simple matter of writing an email with some information regarding the copyrighted content. About an hour after submitting the email, the file was deleted.

I watched as they started flipping out: "Please someone re-upload Music Player (Remix)!". I felt bad about the inconvenience the webOS 3.0.5 bug caused my paying customers - that's why I pushed out the update as quickly as I did, but I'd be lying if I said I didn't find some satisfaction in knowing these pirates were not able to use my app. But of course, it didn't take long for someone else to upload my app to a different file sharing site. And again I had it deleted. Again the pirate leeches cried out in despair.

This was repeated several more times before the pirates got crafty. They are pirates after all - you don't have to be smart to start pirating, but you do have to know what you're doing to survive when somebody decides to put their foot down. So somebody used some type of auto-upload tool to upload my app to more than a hundred different file sharing sites. And to make it more difficult for me, instead of just putting up a link to the files, they were distributed in an encrypted list. Oh my, how crafty they were indeed.

I was not about to try and track down my app on one hundred different sites, all with different means of getting infringing content pulled from their listings. It was time for a different approach - instead of precision strikes, it was time for a scorched earth battle plan.

That's right, instead of getting my app removed from the file sharing servers, I decided to try and take down the pirate site itself.

The beauty of the internet is that very few sites are actually hosted on their own servers - it's usually a third party that keeps the site online, and there's always a DNS provider to translate their IP address to a site domain name (that's why you can type www.webosnation.com into your browser instead of the easily-remembered Finding out who hosts the site and who provides DNS service is actually relatively easy - most of this information is publicly available via "whois" services. All you have to do is give them a domain name and they'll return the relevant information like the domain name registrar, creation date, and even contact information for the website administration.

So I plugged the pirate site into a whois search, found out who their DNS provider was, and went to their site. On that site I found both their terms of service, in which they expected all sites to adhere to "general Internet etiquette" and that anyone found in violation of the TOS would have their account suspended. Also on the site: a "report abuse" email link.

Needless to say, I clicked that link and sent the DNS provider links to the pirate site's pages that linked to my apps, pointing out that pirating software is not considered "general Internet etiquette". The DNS admin wrote back a mere thirty minutes later and asked me to contact the site's admin (again, available via that whois search) and request my copyrighted material be removed, cc'ing the DNS provider in the email. If the site didn't respond back in 24 hours, the DNS site would try to contact the site. If they didn't take action in another 24 hours, their DNS privileges would be revoked and the site would essentially be shut down (technically if you know the IP address you can still get to a site without DNS service, but not having a functioning domain makes website life rather difficult).

So 24 hours came and went and I didn't hear back from the pirate site admin. Shocking, I know. The DNS admin is now in the process of contacting the site admin, but it may not be too much longer before either the site takes down the pages linking to pirated apps or the site itself is wiped from DNS land. Either way I'll be happy, although between you and me I kinda hope they choose to ignore the DNS provider.

That's just how things have gone with one site. I decided to test out this "contact the DNS provider" process with another large pirating site as well, and it seems that things may be rolling rather quickly on that front. I filled out the "abuse contact form" for the DNS provider of this other site, including detailed evidence of this site's pirating ways. Now, less than 24 hours after clicking that link, the site's domain name is inaccessible. Is this my fault? Did my report result in their DNS issues? I can't say with 100% certainty that it did, but it seems like an awfully big coincidence, wouldn't you say?

This won't be permanent. There are plenty of DNS providers in the sea, and plenty of other tricks of the sleeves of these pirates. They'll be back. But I'll continue to do what I can to make it an enormous hassle to engage in piracy of my apps. Maybe it'll make the site admins think twice about ignoring emails from developers asking them to take down infringing content. Certainly they wouldn't want to go through the hassle of getting a new DNS provider or host again.

There's only so much that can be done to prevent piracy before it gets in the way of the paying customer's use of the app. But as a developer, I can fight back.