If you want to use it, PAY. FOR. IT.
https://github.com/floatinghotpot/cordova-admob-pro/blob/mas...
*"Or else you might be unhappy someday."*
If that isn't a threat, I don't know what is. This guy's plugin should be removed immediately for such actions.
We also take 30% of the revenue (which is around industry standard), but it's very well-defined in our Publisher Policy: https://www.ethicalads.io/publisher-policy/
The real open source belongs inside the GPL bubble, where you are legally obligated to share back, and it was battle tested when closed platforms like iOS gained traction.
Did people help pressure Apple to make licenses like GPL viable in their walled garden? Or did people diss GPL-ed software because they couldn't use it in the Apple ecosystem? The moment we conceded with "LGPL with linking exception" marked the loss of the iOS battle.
Remember that GNU exists because Stallman couldn't ahem install a printer. And guess what? People avoid the distros with ONLY FOSS components because "it's impractical". If a distro becomes popular, it is because it includes a collection of proprietary drivers.
Our convenience is what made open source what it is today. And you know what? I accept my fault in the great scheme of things.
I was burned by people profiting with work I made for free while I was struggling to survive during the 2008 crisis. I am already familiar with the feeling of betrayal by the people who were supposed to support my work. Open Source was not for me.
Maybe for some, but having a project used and sold by Amazon would be the endgame for me.
I think it's clear the plugin author was/is happy to let the 2-30% stipulation fly under the radar and sit back and collect which doesn't sit great with me but also I kind of get it. I mean if you are going to take OS work and use it for your own gain (something I'm plenty guilty of myself I'll admit) then don't be surprised if not reading the license bites you in the butt.
In a perfect world OS devs wouldn't need to use these methods to make it worth their time but we don't live in such a world, people rarely donate to OS projects and expect issues/features to be added quickly and for free. People need money to exist and they don't owe you anything. Honestly if this plugin author had called out the 30% in their license I would say this blog author has no leg to stand on. As-is I'm glad the app developer got their money back and the plugin author should either stop charging more than 2% or update their license accordingly. But "stealing"? Too harsh, especially since you got your money back.
I don't think this is entirely kosher for a bunch of reasons, but I'm willing to believe that it was a naïve person doing something naïve after being burned by someone cheating him out of his cut, or something along those lines.
At any rate, since the author of this article was unaware of the 2%, it doesn't really matter if the 30% would have been mentioned or not. That they took any cut could have been clearer, perhaps – I don't know how it looked like before on that Ionic plugin site, but it's plenty clear now so that's a solved issue (if it was an issue to start with). That this was added after this exchange (and before it was published) without any pressure further demonstrates the plugin author is essentially acting in good faith.
Mistakes happen, but in this case, it's a conscious decision by the plugin author; I think stealing is the right word, especially when it turns out you've done it with thousands of apps
Either learn to read licenses, or have a list of approved licenses (MIT, GPL, etc.) and only use software thus licensed.
EDIT: What I mean above is the 2% which is specified in the “Licence Agreement” page – the article author is clearly considering this, too, to be “stealing”. Regarding the increase from 2% to 30%, that is way more questionable, and I do not defend it.
OG plug-in author has a problem with people abusing license key system, builds in code to detect it. Disclaims it vaguely, OP gets bitten and has the gall to call it stealing. Author offers to help OP out, OP puts him on blast.
Zero sympathy, even at 30%.
OP called 2% stealing, 30% is for basically triggering the anti cheat. OP should have paid the license and read the rules.
>If use in commercial project, please get a license, or, you have monetized more than $1000 using this plugin, you are also required to either get a commercial license ($20). As a commercial customer, you will be supported with high priority, via private email or even Skype chat.
Which is nigh illegible.
Does anyone know what happens when someone publishes conflicting licenses?
That's unlikely to be legally enforceable on NPM, but they might honour takedowns anyway.
You just have to, you know, work
Blogging dev was too cheap to just pay $20 for a license for code that would generate him money. THAT is really the bigger issue here, regardless of everything else, including the fact that he was in violation of the agreement, i.e., >$1,000 MRR.
Here's a little pro tip for everyone, don't cheap out on paying someone $20 for the work they do, when it will be generating you significantly more income.
Frankly, regardless of whether or not the plugin dev is sketchy or not, the blogger dev violated the terms of the agreement and seems rather ungrateful that he was given back what he should not have even gotten back.
It is theft, the hidden cost in the licence agreement* states 2%, taking that up to 30% for no reason and with no warning based on some arbitrary 'black list' is theft.
* as shady as that is
How anyone can think they're entitled to assume how it should run is ignorance sufficient to shred what remains of my humanity.
He didn't demand you give him money, he said if you ran his code, it will act as he intended.
You ran his code. It worked as intended.
I did not...
> He didn't demand you give him money, he said if you ran his code, it will act as he intended.
He did not...
He said it would act one way, then it secretly acted another against the contract that was entered into.
> It worked as intended.
It did not...
Even their staff admit they never intended to charge him 30%
EDIT: The percentage increase from 2% to 30% was not posted; I withdraw my opinion on that.
Taking revenue without a contract smells like fraud to me.
Yeah, anon is the enemy for wanting to get paid
This is the closest it gets to calling out the 30% but I agree, it should be clearer.
[0] https://github.com/floatinghotpot/cordova-admob-pro/wiki/Lic...
The blame is on you. Read the license of what you're using, and make sure what it's requesting in general. Triggering statement, so be warned: Ad Revenue supported products are generally ALL SHADY.
So, I'm astonished he gave you back some money. Probably a useless attempt to have less hassle moving forward, yet you went ahead and shared it.
At best, you're equally to blame. At worst, you just want stuff for free while you get paid for your work, the worst kind of entitlement.
Here's the license:
https://github.com/floatinghotpot/cordova-admob-pro/blob/mas...
It's MIT.
Here's what they say "If you have used this plugin for FREE but monetized more than $1000, you are also required to get a license, or share us some Ad traffic as stated in win-win partnership model below"
If the MIT license is correct, they are lying: people don't need to get a license. The users already have a license that covers absolutely everything and they even have the right to edit the plugin to remove the % cut altogether.
Other things they are lying about, in their wiki https://github.com/floatinghotpot/cordova-admob-pro/wiki/Lic...
"Reminder: copy the code, change a plugin name, without feature enhancement, then publish to npm, is not allowed."
This is just false. The existing MIT license absolutely allows changing the name and republishing to npm.
Perhaps they just don't understand what open source is about. Absolutely all open source licenses allow forks.
People just arbitrarily pulling in code from random people on the internet and expecting everything to be fine is hilarious. Your project, do the due diligence.
To answer the hypothetical, the author is still at fault even if it was malware.
Wow, that's as explicit victim blaming as you can get.
If you hypothesize that the software did something illegal, I hypothesize that nobody would defend it.
Those Cordova apps over a certain age and complexity are terrifying. Random plugins, ancient Cocoa Pods, abandoned JavaScript libraries, several different build systems (somehow all being used), Node.js modules with version conflicts that can never be resolved, pulled from all over the internet and all over time.
I am not surprised this guy had no idea what one 3rd party ad plugin was doing, if the app I saw was typical.
I try my best to stay away from ad supported business models, if there is an app in the App Store for instance that has an in app purchase to turn off ads, I have no problem paying for it if it is something I’m going to use.
It seems I'm the only one that is bothered by this.
And no, I don't have the time nor the skill to audit everything or to use a static site like Hugo.
The article linked to here [0] which is a must-read for everyone who feels that adding a dependency is safe.
[0] https://medium.com/hackernoon/im-harvesting-credit-card-numb...
They're also centrally managed by Microsoft, so if there was a problem with one package they could kick it out of the NuGet repo.
But in the end you're right, it's mostly a matter of trust and finger crossed.
I kinda want that story right now lol.
1) Create a nice plugin to serve ads
2) Bury a complex revenue sharing logic in the terms of use that nobody read anyway
3) Profit
| ____ |
| |o o| |
| "" |
| O O |
| \ / |
| X |
| / \ |
| O O |
I don't think taking 2% is theft. Maybe it's a dark pattern, but it's definitely not theft. In the article, I say that I calmed down after explaining with 2%, which means my agreement with the situation.
The way the increase to 30% is made and the number of users with such a percentage says that the author deliberately increases the percentage without warning the user, which is theft
That said, if you really wanted to impress, you'd improve the visibility of your practices for each individual developer, by providing a dashboard that fully discloses revenue-over-time, along with proactive notifications when your terms change. The MVP here would be a single email sent when the 2% term changes.
This business model where the providing party retains the right to change terms arbitrarily has always concerned me, in the same way something like an indentured servitude contract would, and yet they are all too common. But it's everywhere, and no self-interested business would take steps to reduce its power against the counter-party. There is a whole set of problems here that neo-liberal capitalism not only cannot solve, but actually seems to make worse. It's easy to point the finger at a single dev, or a small team, and say "you're unethical!" but in truth I think the statement is more informed by the ability to identify the actor than the action itself, which is endemic. (To take two examples: variable rate mortgages, and credit card debt, neither of which are modeled by consumers and both of which are certainly gamed by the counter-party.)
So I just forked an older version of their code and ran from that. I also made a post telling the guy it was kinda shady, they didn't seem to care.
> If you have used this plugin for FREE but monetized more than $1000, you are also required to get a license, or share us some Ad traffic as stated in win-win partnership model below
> Ship our code with yours to end-user, no need paying a cent at all, instead, share 2 percent ad traffic, so that we can both benefit and cover our cost to maintain and enhance this project.
A page titled “License Agreement”, clearly linked from the home page.
(Regarding the 30%, I agree – this was questionable at best.)
So there's no reason for the licensor to assume that the commercial offer was chosen and that the licensee agreed to that 2% withholding, much less a 30% one.
> Fork the source code and maintain it yourself (bug fix, any future changes on Cordova and SDK, integration support, etc.); see the open source project here: https://github.com/floatinghotpot/cordova-plugin-admob
Which I think it's clear that's not what happened here, the blog author was using AdMob Pro and thus unable to qualify for "Free and Open Source, no support".
“Kindly reminder, do not use a fake license key or a license key from others, do not share your license key with others. Abuse of the license key may cause negative impact.”
In the license, it clearly states that it is perfectly acceptable to use the addon unlicensed, and if you go above a certain monetization level, it will take a cut. It explicitly calls out the cut as 2%. Except the license was a lie, it is not 2%, it's 30%. That is theft.
If the addon took 2%, as the license explicitly states, it would have been completely legal. It was not 2% and it is theft.
Is it really a good model for funding Open Source software to bake in clearly illegal landmines that steal from anybody using said OSS? If so, that feels way more like malware than OSS.
Or are you punishing OP simply because they didn't know there was 2% involved? If so you don't really see zero difference, you just are exacting some punishment.
Ehh, I disagree. We all know developers would click through any terms without reading anyway and the onus is on us to read the license before we integrate 3rd party code, which we rarely do. I see this as /just deserts/, a sort of hat tip and "well played sir". The 30% that is not mentioned is the sticking point, the 2% is absolutely reasonable and I might even say I'd think 30% is reasonable IF it had been called out in the license.
https://github.com/floatinghotpot/cordova-admob-pro/blob/mas...
It's free software provided without warranty. It's right there in the MIT license.
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
That's the license OP agreed to when he used the code.
If on line 37, page 409, of a car rental agreement that you sign, it states that if you are an hour late in returning your vehicle, the car rental company will take your firstborn, and you sign this agreement, then it's on you, right?
This isn't a fine-print, it's literally in bold in the license file. I am not renting a car that says it might not run but they'll still charge me.
> If on line 37, page 409, of a car rental agreement that you sign, it states that if you are an hour late in returning your vehicle, the car rental company will kill your firstborn, and you sign this agreement, then it's on you, right?
This is a bad example because killing my firstborn is illegal. This is more akin to a car rental that charges an extreme late fee that is written on page 1.
Taking your example: Ebay decided that they couldn't afford the reputation loss to accept listings with dark patterns so they updated their T&C to reflect that, but that doesn't mean that the action that ebay took was the absolute truth.
To name a different example about dark patterns: There are websites which color the "Accept All Cookies" button with the primary action color and they place the button after the checkboxes where you choose your cookies, in the place that most of us expect a "Submit" button. As far as the GDPR is concerned they're complying.
As a consumer it is your choice to stop doing business with persons and companies that use dark patterns.
The same applies to open source. You are seeing that the number of maintainers who are disrupting projects is increasing. Would you really trust your business to a person that you don't even know? It is your responsibility to audit the code that you're using.
The ease with which a (substantial!) refund was offered makes me think it wasn't an isolated incident.
The OP was never informed of the high percentage!
https://github.com/floatinghotpot/cordova-admob-pro/wiki/Lic...
> 3. Win-win partnership
> And, if you don't have enough money yet to get a license, or don't have a PayPal account, here is another flexible option worth considering, no need to pay a cent. We may call it partnership.
> We maintain, support, and version update for any plugin issues, you don't worry about its update or bugfix, just use it for free, and focus on your app or game logic.
> Ship our code with yours to end-user, no need paying a cent at all, instead, share 2 percent ad traffic, so that we can both benefit and cover our cost to maintain and enhance this project.
The problem is the plugin author silently raised that "share 2 percent ad traffic" to 30%.
Also note that the software is MIT licensed. Tucking some random additional clauses on your website or somewhere else doesn't magically change the licensing, if you don't want to use MIT (and make them free to use it) then don't use MIT.
You operate in the US? You pay the IRS. You operate in Brazil, you pay them.
The price was disclosed, optional and entered into freely. Dude is buying his lawyer a boat if he wants to fight it.
The 30% was not disclosed and applied unilaterally. Per the email exchange:
> "After check, we find your app in the black list, and a random higher rate will be applied. Usually when a guy is using a fake license key, or send unusual attacking request...
A situation of "we're giving you money so that you don't report a crime" (which is implied by "turning in to the authorities") is more like extortion/bribery than it is a settlement.
The author has written their license poorly in a stupid manner that allows everyone to use their product for free - that's why lawyers are useful and why for small developers it's a very good recommendation to use one of standard licenses instead of trying to write their own from scratch. As of now, perhaps due to the author's legal incompetence, the license also allows free usage for commercial purposes.
Sure, based on the license, someone could fork AdMob Pro and remove the ad sharing but that's not what the blog author did.
Eh. For something like a keylogger, not really; there are laws against writing and distributing malicious software. In the UK, you can write malware for educational purposes, but woe betide those whose malware escapes or “escapes”: no MIT license disclaimer will save you.
With the multiple contradictory statements, even just within the README, though, my company’s lawyer would say we can’t use this dependency at all if I showed it to them.
This code is written to share revenue with the author after a threshold, but that's merely the application/code working as intended.
You're free to fork the code, remove this sharing and republish the dependency under another name for example, that's the only thing that MIT is about
However, blaming "e.g. any license-scanning tools" is not correct either, since that would be clearly a limitation of the license tool, encoding assumptions of location and standardization that are nothing more than convention. I mean this in the sense that if you went to court and your excuse was "my tool didn't pick that up", you would probably not be victorious, since the terms were laid out clearly for human consumption.
And I agree, a lawyer would not want to use this dependency, but it shouldn't take a lawyer to do that. You are responsible for the legal implications of using anyone else's software.
If you have an offer of the MIT license from the author (as in the LICENSE.txt), then no clarifications or restrictions linked from the home page affect it, and other offers of other licenses are possible but not relevant if you like this particular offer.
You yourself say that "the increase from 2% to 30% is way more questionable". What is "questionable" about that? Maybe that is not stealing but it is an obvious fraud.
I really don't get what your motivation could be to defend that kind of shit.
The plugin author claims that the ramp-up to 30% is an anti-abuse measure. Supposedly, something triggered the abuse flag and the rev-share ramped up as a "get in touch with us" signal, with the additional rev-share refunded when the user does get in touch.
Taken at face value, I think that's not unreasonable, though the lack of logging from the plug-in author's side is questionable (asking the customer how much they wanted refunded).
Where I think the jury is out is whether that is actually what happened, or whether the plug-in just ramps up every customer to see what their pain tolerance is.
> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
> If you have used this plugin for FREE but monetized more than $1000, you are also required to get a license, or share us some Ad traffic as stated in win-win partnership model below.
https://github.com/floatinghotpot/cordova-admob-pro/wiki/Lic...
The project however includes the following license: https://github.com/floatinghotpot/cordova-admob-pro/blob/mas...
Surely releasing code under an MIT license makes their statement invalid. Why would I be "required to get a license" and offered a couple of commercial options? It sounds like they need to get some legal help to properly license the project in the way they want to.
Furthermore, pricing should be clear. It's deceptive to hide it within their so-called "license" section. As a developer, why would I read the license section if it's clearly marked within GitHub as being licensed under MIT and has a LICENSE file confirming that?
That said - you do need to actually modify the code yourself, if you instead decided to use some man-in-the-middle attack to modify the packets in flow you may still be misusing the software. There are ways you could approach a solution that would in fact violate the license, as trivial as it is to circumvent.
The very first paragraph reads:
>You can use the plugin for free, or you can also pay to get a license. IMPORTANT!!! Before using the plugin, please read the following content and accept the agreement. THIS WILL AVOID POTENTIAL PROBLEM AND DISPUTE.
If as a user you're paying 2% of ad revenue, the plugin isn't free.
> If you don't want to get a license as your apps may not earn too much, or you don't have a PayPal account to pay, here is a compromised option. You don't have to pay, we are also okay if just share 2 percent user traffic, so that we can cover our effort and focus on maintenance and online support.
They don't make clear that that's the default behaviour. That by doing nothing you're consenting to their 2%.
If a developer wants to profit from their work, they should behave like a business.
MIT allows you to: "use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software". That's it.
Harder to fit in your business card, I'm sure, but hey, you've earned it!
I asserted that as an investor, if a company is largely run as a single person's whims, it becomes indistinguishable and unusable as a revenue producing entity.
I would invest in neither the person who thinks they're a company nor a company that thinks they're a person - neither were attacked, I simply said they wouldn't ever get a dollar.
------
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Running that without a proper license may cause unexpected behavior, contact me to obtain a license.
If you are a licensed user, it will likely render your system inoperable.
What law did I just break?
• short enough, and non-novel enough, not to count as a copyrightable work
• explicitly described as malicious in the accompanying documentation
• not viable for use in a cyberattack (since it can only be run once you've already won)
• doesn't actually work, due to a typo
you probably haven't broken any laws. But, again, I'm not a lawyer; please seek legal advice from an expert in the laws of your jurisdiction if you want an accurate answer.
Keyloggers don't have to be malicious (e.g. you can use it for a global hotkey hook). Thus, writing such software doesn't have to be done with that mindset at all. That being the case, it is ambiguous whether or not those laws apply.
Yes
> includes an MIT license file
Maybe. MIT license permits additional license restrictions on top of license. For example, MIT code can be copied into a proprietary system with a different license, which will forbid copying code out.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful. The snark thing is particularly a marker of bad comments here.
That's not what the licence states at all...
> Permission is hereby granted, free of charge, to any person ... including without limitation the rights to use .. copies of the Software.
The licence states Permission is granted free of charge to use the software, if the software is charging then that's a breach of the licence..?
Just curious, is this your attitude towards other things as well? There used to be a very popular ebay scam, which had people sell large screen TVs and video game systems for very cheap. At the bottom of the auction description, in fine print, the auction also clearly stated that you were bidding/buying only a photo of the product, not the actual product. In other words, it was "spelled out", so no one was getting scammed according to your perspective here, right? It was on the fault of the buyers for not reading the license/auction description?
If on line 37, page 409, of a car rental agreement that you sign, it states that if you are an hour late in returning your vehicle, the car rental company will take your firstborn, and you sign this agreement, then it's on you, right?
A 2% cut was spelled out in the license.
A 30% cut was not, but the plugin author silently upped it to that over vague assertions of abuse of the plugin.
> "After check, we find your app in the black list, and a random higher rate will be applied. Usually when a guy is using a fake license key, or send unusual attacking request..."
I really don’t see either party as underhanded here, maybe lazy in respect to both communicating and with paying attention, but I can’t see either as being shady. It’s just a series of human errors.
This reminds me of a game I ported from iOS to Windows Phone, actually. It was free and ad supported. I told my contact like 50 times he needed to get me an API key for Microsoft Ads, so I just used my own while I waited. Fast forward six months and the game launched after still asking every week and informing them that they needed to get me the API key or all ad revenue would go to me.
I set up an auto email to go out once a week asking for the API key. That person would reply back for literally any other issue.
They emailed me like 2 years later asking where their money is. I replied with the entire situation, screen shots of the emails and would be happy to send them the 1¢ they earned.
I never heard back from them until their lawyer contacted me. Sent him the same stuff. Never heard back from them either. They did post a blog post about how they were going after their ex-developer for “stealing” their ad revenue though. I lol’d and went on with my life. People do weird shit for some publicity. I’m not saying that’s what’s going on here, but it sure smells like it.
Folklore is full of this kind of stuff. Always read what you sign. Always. No exceptions. Better yet, get a lawyer to read it too.