Using software without an appropriate license ranges from flat-out simple to relatively complicated. In the case of unprotected software, users simply avoid paying for a license. When DRM techniques are deployed, so-called ‘cracks’ (software tools that circumvent restrictions) are the weapon of choice, activating full packages or upgrading limited demos.
In many cases, ‘cracked’ software works like the real deal. In this Internet-connected world, however, some software has the ability to ‘phone home’ to its creators. For those who don’t take precautions (with firewall rules or an isolated offline machine) unexpected consequences could be lying in wait.
This is the case for unauthorized users of software offered by Foundry. The creative minds behind graphics tools including the popular NUKE, Foundry reportedly supplies software to companies including Disney, Sony, and Blizzard. It does not like its software being pirated and is going to fairly extreme lengths to enforce its rights.
While many companies monitor torrent swarms for unauthorized sharing, it appears that Foundry prefers a more straightforward approach, by analyzing data sent back from the computers of alleged pirates and then making an approach, which includes an offer to settle for hard cash.
Unlike many file-sharing cases where copyright trolls demand a few hundred dollars, pounds, or euros to make a case disappear, Foundry demands much larger sums of money. Documents and emails reviewed by TorrentFreak reveal demands reaching multiple tens of thousands.
On top, Foundry also attempts to levy large fees to cover its “investigation costs”, meaning that companies and in some cases regular individuals face punishing bills for what they believed to be a free and consequence-free download.
For those who care to read it, Foundry’s EULA appears to cover end-user data harvesting.
“The Software may include mechanisms to collect limited information from Licensee’s computer(s) and transmit it to Foundry, including the ability to locally cache such information on Licensee’s computer,” the EULA reads.
“Such information (the ‘Information’) may include details of Licensee’s hardware, details of the operating system(s) in use on such hardware, the location of the Licensee’s computer(s) and the profile and extent of Licensee’s use of the different elements of the Software and other Foundry software.”
Crucially, the EULA (pdf) adds a clause which reads: “[Foundry may use the Information] to ensure that the usage of the Software by Licensee is in accordance with the Agreement and does not exceed any user number or other limits on its use.”
While some people are ignoring Foundry’s emails, others who do respond appear to trigger a kind of ‘fishing’ exercise. Foundry licensing compliance officers ask respondents to provide additional details such as IP and MAC addresses of their own machines, apparently to “eliminate people” from their inquiries.
Precisely why this information should be provided isn’t made clear but it at least seems possible that Foundry is making an assessment whether software could have been used by an outsider, perhaps utilizing an individual’s WiFi connection without their knowledge.
In at least some cases, Foundry appears able to connect the dots when a company or individual has a licensed product and then uses an unlicensed one too. Documents obtained by TorrentFreak shine light on the Foundry system, which appears to log instances of infringement, such as how many times a piece of ‘cracked’ or otherwise unlicensed software has been used.
While companies should always take care to ensure their software is licensed, TF has also spoken with private individuals caught up in the sweep who do not have the means to pay the huge sums of money demanded by Foundry. The company seems to presume that all uses of its software are of a commercial nature, something which could aggravate the scale of the settlement demanded.
TorrentFreak asked Foundry to contribute to this article by explaining a little about why they choose to use this system of monitoring and settlements. At the time of publication, the company had not responded, other than to acknowledge receipt of our questions.