[Benjamin_Dobell]

This is really cool, and certainly a solid example of why the legislation is moronic. However, isn't this a violation of DMCA's (and similar legislation worldwide) "software lock" circumvention laws?

> It's not pretty, but this is probably the first time anyone's been able to use Plasma at all in the better part of a decade. It seems that Wollay removed a critical UI file (for the sheet which artwork exists on) from Plasma, and made it so that the server would provide an obfuscated version of it to the client. That way, no amount of tampering could get an unauthorized copy of Plasma to work. Unfortunately, without the authentication server, authorized copies of Plasma cannot work anyway.

Around this time, I started looking at what the picroma.de domain used to point to. I didn't find much of interest on archive.org, but...

The domain was now available after all these years, and I bought it.

To clarify, none of the reverse engineering stuff is the issue. However, when your start reimplementing or circumventing "authorization", then you're potentially in some trouble. Worse, it's not civil, like copyright infringement, whereby the IP owner has to go after you. It's criminal, so technically law enforcement themselves can go after you.

In this case it seems unlikely, still though, be careful, folks.

[CobrastanJorji]

(caveat: IANAL and am frequently wrong)

The DMCA provides a singularly annoying exemption process. Every three years, the Librarian of Congress makes a determination of valid exemptions to the DMCA. These exemptions are complicated to apply for, and having been previously granted theoretically has no impact on whether it is granted the next time, so anyone who wants to maintain an exemption needs to reapply and make their case every three years.

From 2018 and until 2021, there are 14 DMCA exemptions in effect. One of them is "Computer programs, except videos games, no longer reasonably available in commercial marketplace, for preservation by eligible libraries, archives, and museums." Unfortunately, while this software is not a video game, nor is it reasonably available, it is not covered by this clause, as "the work cannot be made available or distributed outside the physical premises of the eligible institution."

Not to worry, though! There is one other possible exemption. Number 11: "Computer programs, for purposes of good-faith security research." Is this good-faith security research? Well, one of the tests there is whether the "information is used primarily to promote security of devices on which the program operates." This probably does the opposite, being an effective argument and tutorial AGAINST security, so it probably doesn't work, either.

So yes, this is probably illegal. It could maybe even be a felony, technically. You could probably get years in prison for it. You wouldn't, but that won't stop a fed from convincing you of that in order to get you to sign a confession.

[Benjamin_Dobell]

At least the US have an exemption process.

The US strong-armed most their trade-partners into implementing DMCA-compatible laws. Here in Australia we have "compatible" laws, but to my knowledge no exemption process.

EDIT: It's probably worth noting we didn't even bother amending our existing legislation, we just introduced new conflicting legislation. It's a real mess.

[PeterisP]

What do you mean by the "(and similar legislation worldwide)" ? DMCA is a USA-specific limitation that goes way beyond what the rest of the world has; USA has had some success pushing something like that to a few other countries through transatlantic trade treaties, but as far as I understand, most of the world does not have DMCA-like legislation; it's not universal in the way that Berne convention is. For example, EU copyright law explicitly permits reverse engineering of any software you own, and if it's needed for the purposes of interoperability you're allowed to distribute modifications to copyrighted works without permission from the author.

[Benjamin_Dobell]

DanBC's comment contains useful information. The EU issued a Copyright Directive, thus all member states were told to implement compatible laws.

As pertains to Latvia specifically (I apologise if my Github <-> HN username assumption is inaccurate), then the relevant laws are implemented under "Copyright Law, Chapter XI, Section 68".

We also still have laws in Australia that permit reverse engineering for the purpose of interoperability. This is what I meant above where I wrote:

> To clarify, none of the reverse engineering stuff is the issue.

The problem is these laws are superseded when circumvention of technological measures pertaining to copy protection is involved.

[PeterisP]

True, I had missed the Information Society Directive which adds the restrictions on circumventing effective technological measures. The big problem is in the interaction between these parts of copyright law and the other parts which limit the copyrights; so even if you have the right to do something yourself, then the distribution of these "circumvention measures" is prohibited by this. Sad.

[DanBC]

The WIPO copyright treaty in 1996 told countries to implement laws to prevent circumvention of technical means to protect copyrights.

https://www.wipo.int/treaties/en/ip/wct/summary_wct.html

> The Treaty obliges Contracting Parties to provide legal remedies against the circumvention of technological measures (e.g., encryption) used by authors in connection with the exercise of their rights, and against the removal or altering of information, such as certain data that identify works or their authors, necessary for the management (e.g., licensing, collecting and distribution of royalties) of their rights ("rights management information").

This got written into many local copyright laws.

[segfaultbuserr]

I always suggest RE researchers to operate under pseudonyms and never attach patches to their personal identities, especially if the patch is classified as a circumvention device under the DMCA. While some people may want to use their personal acts to challenge the DMCA itself, but in the majority of cases, it's not the case, the goal is simply getting the job done, so avoiding unnecessary troubles is more important. Use a pseudonym, and they cannot fight ghosts.