by jeroenhd 2194 days ago
The website is down, but yeah, offering customised ISO files with Windows and some tools is clearly a breach of license. You can't just take a paid OS distribution, add some config and plonk it onto github.

There's been people patching and customising Windows for many years, but most of the time that was done in the form of gaining an official ISO, patching it with a program on your computer and then using that to install. With that model the user is the one violating the license, not the distributor, though often these configurations used the official Windows API for OEMs so it was legally grey enough that I've never heard of any lawsuits.

If these people just provided an exe and some patch files to turn an official ISO into the same thing as they offered on their website, they'd likely be in the clear.

I'm not entirely sure what the point of the project is though, loads of pentesting tools only run well on Linux and there's plenty of Linux pentesting kits already. Why not just run Kali in a fullscreen virtualbox and be done with it? Or load Kali into WSL2, assuming Microsoft has fixed the hardware access limitations in WSL1?


But that is not what the DMCA copyright claim says. It does not complain about redistributing the files of a paid OS. The complaint is explicitly about providing a tool to work around technical restrictions, so "just provided an exe and some patch files" will not make Microsoft happy.

A common copyright claim of someone sharing copies of proprietary files would not make news. Using the DRM circumvention provision in DMCA is a bit more rare.

My guess is that the technical restrictions being alluded to are the advertisement and telemetry that is baked in.

There are comments here that speculate about the issue being the creation of a derivative work. If the claim had said so it too would be interesting as the line between operating system and user space is always a bit blurry and people have been arguing what is what for decades.

The way I read the complaint[1] there are two separate claims made. The first, distributing the modified ISO, appears to be the core DMCA claim:

> BSA has determined that GitHub.com (specifically, content made available on GitHub through the link listed below) is providing access to copyrighted, nonpublic, proprietary information of our member Microsoft. The link leads to copyrighted material pertaining to Microsoft. Specifically, the copyrighted material in question can be found at the following link:

The second claim, concerning technical restrictions, is advanced as an EULA violation:

> Moreover[2], the link provides a work around technical restrictions of the software, which violates Microsoft’s Software License Terms. Please see lines 22 to 30 from the following link: https://github.com/ninjutsu-project/ninjutsu-project.github....

I'm sure MS and the BSA would love to have any EULA violation classified as a DMCA violation, but I don't know if this second claim would hold up. I'm not an IP (or any sort of) lawyer, and my ability to parse legalese is limited, but I think MS/BSA have a much weaker case for this if the complaint did not have claim 1. That is, distributing the tools may "not make microsoft happy", but their legal foundation to take those down is much shakier.

[1] https://github.com/github/dmca/commit/e6911fbf79c67c6f9e834c...

[2] Use of this interjection is what leads me to separate the two quoted sections into two claims.

Edit: "did not have claim 1", not "did not have claim 2"

I can see how seeing it as two claims is a valid interpretation.

If we look at claim 2, the term "technical restrictions" is often used as a synonym for DRM in many places. The law text uses different words: "(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner".

Without invoking the circumvent clause, claim 2 looks misplaced in a DMCA notice. What aspect of copyright law is being invoked? The only thing left would have to be derivative work. The case law for that is spotty, though Blizzard did win one such case if I remember right where a cheating tool enabled players to break the EULA. Blizzard argued that the tool assisted players in creating an illegal derivative work of the WoW client, as the tool modified the client in an unlawful way against the conditions in the EULA, and thus the developers of the cheating tool could be held responsible for the creation. BSA could make a similar argument but I don't think they are based on how claim 2 was written.

If we see the DMCA notice as two distinct claims, and we remove claim 2 as being irrelevant in the context of copyright, then what is left is the BSA claim that the repository had copyrighted material and the accused that said they don't. Looking at the linked video myself, it seems that they did copy the installer ISO from Microsoft. Based on those observations I suspect that Ninjutsu OS is simply an unmodified installer bundled with post-install scripts. That might be a copyright infringement, and if so, removing the unmodified installer and making the user download it themselves might resolve the issue. That is, as long as claim 2 is ignored.

As a side note, I would find it somewhat funny if Microsoft later claimed that pre- and post-install scripts create a derivative work. It has some interesting implications for configuration management utilities and cloud solutions.

This is a bad move for MS. It's user hostile enough to have telemetry and ads in the OS in the first place. If they fight against people's efforts to make it usable again, they lose market share, developers/power users lose interest in the platform, less software gets bought from and made for their store, and so on. I think what they really need is a pro version of Windows that attracts pro users by removing the bullshit to start with. That shouldn't be exclusive to Enterprise.

> It's user hostile enough to have telemetry and ads in the OS in the first place.

I may be alone, but I think those two things are very different classes of feature, and am very relaxed about the former as an opt out.

The opt-out does not exist for Home and Pro users. Only Windows 10 Enterprise can completely disable the telemetry engine. Unless you take extra steps (firewall rules, network-level blocking, etc.) Microsoft will get a ping every time a new device is plugged in and there's no way to disable that for the common user.

I used to accept most telemetry popups from Microsoft before they became opt-out, but in the scheme MS has currently set up, I don't think MS let their customers make an informed choice about their data collection. For that reason, I oppose it as much as I can.

> I don't think MS let their customers make an informed choice about their data collection.

I think this is part of a larger problem where no single individual can give informed consent to any corporate contract because one involves a team of lawyers and the other involves an average person. Even if the single individual was a lawyer it would be questionable, but for the average person who has a limited college education and no special legal education at all, there is far too great a power difference for informed consent to be given.

You can't opt out of telemetry in Windows. Everything on the list here is collected: https://docs.microsoft.com/en-gb/windows/privacy/required-wi...
There is no opt-out of telemetry in win10. You can only set it to basic.
You can set it to one level lower ("security") on enterprise and education editions.

https://docs.microsoft.com/en-us/windows/privacy/configure-w...

It still isn't opt-out. And you still have no exact idea what is and isn't sent - only their promises.

Personally I use an ancient trick that blocks telemetry on a metered connection, and you can set LAN to be metered too via a registry key.

No idea if it still works to be honest.

I don't know, but I assume the telemetry is used for marketing by Microsoft at least and probably by their partners (ie people who financially benefit Microsoft partially in return for access to "telemetry").
I'm happy about the former as an opt in, and where I can target which server I want the data to go. Could be quite handy actually.
They've been doing this kind of thing for decades and still have market share.
The hack is probably removing even the 'Security' low-level telemetry. Which yes, would hurt users.

https://docs.microsoft.com/en-us/windows/privacy/configure-w...

Edit: if you don't feel like reading the link, the 'security' level is the minimum required for updates.

No updates means no security updates. Which means exploitable boxes. Which would return us to the grand old days of exploited Windows XP botnets.

Is there any technical reason why telemetry would be required to make updates work?

How do you have a machine download updates and install them without tracking that it is downloading updates and installing them successfully?

Every Linux distro manages this. You have the client machine determine which updates it needs, as it has access both to its own state, and to the package repository's manifest.

> The complaint is explicitly about providing a tool to work around technical restrictions,

That's their legal argument. Doesn't mean that's their actual grievance.

What exactly is the basis for this DMCA claim? Is there any precedent for this or does MS just think their PR has it too easy?

DRM is supposed to prevent redistribution of copyrighted works. That's the unethical part. If the user is not redistributing copyrighted works, why should the law care about the preservation of DRM?

If I buy a locked safe at an auction and it contains a bunch of copyrighted paintings, nobody would get mad at me for breaking the lock so I could get to them. What else am I going to do? Hang the safe on my wall? The problem only arises if I start copying the paintings and distributing them.

> If I buy a locked safe at an auction and it contains a bunch of copyrighted paintings, nobody would get mad at me for breaking the lock so I could get to them. What else am I going to do? Hang the safe on my wall? The problem only arises if I start copying the paintings and distributing them.

This is why DMCA 1201 is such a worthless weasel and needs to be destroyed.

If you're circumventing in order to commit copyright infringement, that's already illegal and you don't need a separate rule for it. If you're circumventing in order to do something that isn't copyright infringement, why should that be illegal?

No, it's probably shit like Driver Signature Enforcement. I've been doing everything I can in order to keep my Vaio Z-Series able to avail itself of new drivers from Nvidia, but since Sony abandoned maintenance, and no one else will, the community of users that like the platform have gone through gargantuan efforts to try to get drivers working for it.

Which Windows 7 now refuses to load, because they aren't blessed by Microsoft, who've officially discontinued support.

Microsoft can go to hell in that regard. I didn't ask for them to backport their driver nanny onto my machine at the behest of the media industry. They broke my machine, not the other way around.

I expect to be able to compute. Not be patted on the head and fed platitudes that "Oh, we can't let you do that. We have agreements to abide by which you were never considered to be a party to, yet nevertheless, will be subject to."

If I have to learn to handcode UEFI assembly to un-f my machine, so be it. I could probably load Linux on it, or uninstall that update in particular, but to be frank, at this point, my quest to lobotomize Windows has become a project continued out of spite. I will not accept this kind of velvet gloved, law by corporate compact. Users deserve better. If other companies are so on their last leg they need to excise huge chunks of user agency to remain viable as businesses, that is not my concern. My machine, at a fundamental level, is mine. Not the OS vendors.

We used to do what seemed like a better job at respecting that. Alas, those days are seemingly long gone or on the way out.

> technical restrictions being alluded to is the advertisement and telemetry that is baked in.

I'm pretty sure the complaint is about anti-piracy features. In that situation it's a picture perfect application of DMCA. Also it would make way more sense.

I’m not sure, but is Windows 10 not slightly different from previous releases insofar as you can directly download the ISO for Windows 10?

Unless you had an MSDN subscription it was a little more difficult to grab an ISO back in the day.

Of course, it’s still illegal to modify and upload the modified version...but you’d think the patcher would be an even more obvious route than normal these days if it’s so easy to download an ISO.

I’m not a Windows person, could somebody explain this a little bit better for me?

Copyright law does not grant you the right to spread something you downloaded even if it was free. The original rights holder may decide who can and cannot host what part of their product for what reason. Free software usually permits you to redistribute the software you download, but there's no such freedom in closed source software. This is part of the "free as in speech" qualifier of open source software.

Microsoft does allow you to download the ISO for free, which is why I don't understand why they didn't include a patcher either.

Looking at the official twitter account for the project, it seems like the project maintainers (and likely their users) reside somewhere in the Middle East, given that they seem to speak Arabic. Perhaps the average Internet near the project's target audience are low enough to warrant uploading a customised, minimised ISO? I don't know, a patcher seems like a better choice to me. Maybe they'll switch models now because of the takedown?

> Copyright law does not grant you the right to spread something you downloaded even if it was free.

Software source code is copyrightable (to a large extent, for the past 30 years) in the US, but a program exe might not be as there's no artistic expression at all in the bit pattern alone.

So an exe might just fall under license terms.

Source: I have successfully filed software copyrights and trademarks.

That's so wrong it's almost painful. Copyright is the only reason why anyone pays attention to the license associated with compiled software. What would be the point of a license for an artefact not protected by copyright?

It also is absurd to suggest that there is artistic expression in source code but not in a direct translation of that same artistic expression.

And it's also worth remembering that binaries contain more than just executable machine code—they also contain strings, bitmaps etc. Are you claiming that strings and bitmaps cannot be copyrighted too?

Actually there was a court case that agreed with my reasons, and that was the law initially.

It looks like object code became copyrightable in the US in 1983 through a few court cases:

https://pdfs.semanticscholar.org/18ba/427b7142a61534006f4fda...

Don't know about other countries.

An assertion that one court somewhere on the planet erred in a spectacularly ridiculous way isn’t evidence of anything.
That's a crazy viewpoint, I've never signed any license agreement with Microsoft, but if I were to have a copy of a Windows 10 ISO, or even just calc.exe, I wouldn't be allowed to share it.
No, it's not crazy, and copyright was only extended to binaries in 1983.
An OS ISO is going to have a multitude of copyrighted assets beyond compiled programs.
Getting a legal Windows ISO download has been possible since at least Vista, though it wasn't as easy as it is now.

The issue is that ninjutsu essentially provided a hacked up image to download, a derivative product, which they didn't have a license to distribute and thus copyright bit them in the arse.

Yes, now Microsoft allows everyone to download ISO.

https://www.microsoft.com/en-us/software-download/windows10I...

The ISO is provided so you can download to your Windows 7 PC and upgrade in place to Windows 10. I did it on my old laptop, works well.

Microsoft really wants Windows 7 to go away and they actually give the tools to do so. I think it's great!

Respectfully disagree.

This is a story of a personal laptop of mine. Upgrading from Win 7 to win 8 with paid upgrade sometime after win 8 was 'stable'

The upgrade tool works fine until it doesn't.

When it chooses not to work, it will have you DL the upgrade files, as well as updates to OS, this can take forever and is a major point of failure for techs. (random hangs, reboots, loops, you name it)

But the really evil bullshit actually happens on successful upgrade. Oh that tool that said your laptop could 'upgrade fine' now can't, so sick of the BS revert to old installation.

Jk to find it's no longer a valid bootable OS now. Had to repair win 7 installation to make bootable and was asked for product key... what? Entered mine, sticker still gleaming on my laptop... Microsoft says invalid key! No worries, must be an accident, call MS CS. Am told that upon upgrading even though incomplete, I had willingly surrendered my old product key and it could never be used again. Ok... ask MS CS rep to please issue a new one? He says happily, but they no longer sell keys for windows 7, I could either buy an enterprise edition from them for if I remember correctly $7-800. In shock I looked it up and found at bestbuy for I think was 120... was advised to purchase from bestbuy as MS couldn't offer me the same (incidentally not long after this was when they extended the EOL timeline for win7).

Screw all that noise, I just ran a SLIC and never thought about it again, laptop's still chugging along today.

So personal anecdotes whatever, but I have worked on far more than my share of PCs, and upgrading became so convoluted early on it was invariably 100x faster and easier to backup and clean install. Even when everything 'just works' when upgrading, sometimes it doesn't. You will have errors everywhere, random hangs reboots etc.

It's infuriating and it has persisted as an issue from Win XP to 10.

The upgrade path is only from Windows 7 to Windows 10 as far as I am aware. Microsoft extended licenses so that licenses for Windows 7 are valid for Windows 10 and vice versa. This might unfortunately have been after your story.

Windows XP never had an upgrade path (couldn't even change hardware like the motherboard safely) so it's progress in my mind. Windows 8 was a mess that was dropped shortly after release, I am sorry for all the souls who had to try it.

There is a very good backup tool embedded since Windows 7 that allows you to snapshot and restore the system. Highly recommend to use.

Windows 10 is de facto shareware at this point. If you don't provide an activation code it simply puts a nag text on the bottom right. ;)
As I understand it the ISO you get without an MSDN subscription is missing a bunch of updates.
Is that really an issue? With Windows 10 there's a new version out every 6 months, so it's never going to be that out of date.

> You can't just take a paid OS distribution, add some config and plonk it onto github.

I believe the issue is with licensing rather than cost here. You haven't been given a license that permits you to change and redistribute the software (as you would were it free (as in freedom) software).