“Never argue with stupid people, they will drag you down to their level and then beat you with experience.”
The guy knows exactly what he is doing, there's really no chance they would stop it on your request.
The best way to tackle these problems is to try and find copyright material of yours on his site, then keep issuing DMCA requests to his webhosts. We had someone copying large parts of our site in a similar fashion for similar purposes, it was a lot less effort for us to issue DMCA's and have his hosting accounts suspended than it was for him to keep signing up for new ones. It was a game of whack-a-mole but it worked in the end.
Trying to engage with them is often a complete waste of time, they will often be irrational and defensive which is infuriating. If you goad them into going into the offensive you are not going to come off well.
If you must communicate with these people, I think it's best to keep tone neutral (not defensive or offensive), dry, entirely non personal (sign just with your company name, not an employee's name) and concise. Replies should be well spaced so it appears a matter of non-urgency. Replies should also be designed to make response difficult (not keeping an open ended conversation going). Keep it as boring as possible for them. Unfortunately your first email to the person went straight into offensive mode, was personal, impassioned and appears urgent. Blogging about it isn't probably going to help either.
If he's not actually stealing anything from you, or doing anything illegal then there's not much you can do. Best course of action would be to try not to care at all, and realise that he's probably actually not making any money at all. I'm not saying this to make you feel better, I strongly suspect it's the truth.
I do think it was a mistake not registering .org, a major TLD. As I understand it, changing domain ownership by force is a lengthy process. It would have just been easier to pay $10 a year for it.
If you want to be in a better position to protect yourself in the future consider a trademark.
I agree with essentially everything Tom suggests. I think that trademarks (TM) are something a lot of people forget to use; registered (R) trademarks are something I generally tell people to avoid because it's often not going to help unless you have a significant amount of intangible monetary value. It does offer some protection like Tom suggests, but clearly it's not foolproof. Still, it's better than nothing.
On the income side of things, I can think of one way the author of "The most complete and advanced IT security professional toolkit on Android" could bring in revenue without the need for Adsense or charity.
Perhaps, one could sell said toolkit for money. Say, $370.40 for a "Professional" license. Differentiated from the "Community Edition" currently available on this and other dsploit sites in that it is a.) available after tomorrow and b.) ever likely to receive an update by the original author.
That way, security professionals would gain access to this nice piece of software, and the author wouldn't need to write blog posts like this one. Better still, had he been doing this previously, he would have had seven dollars available to pay for the .org version of his domain name, thus avoiding the whole situation in the first place.
Definitely. Just change your license so if businesses with incomes over $100k a year want to use it, they have to buy the Professional license that costs some appropriate amount (I'm thinking $2000 for a site license or $100 per install, something like that).
As a game developer I've seen a lot of small tools start doing this. Don't try and stop people pirating since you can't, but this way at least people who work at a business who aren't personally signing the checks don't really care if they have to pay a few hundred dollars to use their favorite & best tool.
This is slightly off-topic, but I didn't notice the donation button in the sidebar until typing ⌘+F, "donation"[1]. My inner patio11 thinks that evilsocket is missing out on some cash-moneys. It's probably a good idea to make a more prominent donation widget and add a call to action at the bottom of the post.
Edit: Digging deeper (actually clicking on the donate button), I see https://pledgie.com/campaigns/22257 and it makes me sad. The video is dead, and it's unclear what donating will help with. Will it add new features? Is it to support ongoing development? Does the team have any previous work that shows what they're capable of?
If you want to improve your donation page, I think NeoVim[2] is a good example to follow. The author explains what NeoVim is, what's been done so far, what he'll do with the money, and why he's the right one for the job.
1. That didn't find it. It just scrolled the page so my eye noticed the button. You'd have to search for "sponsor" to find the widget.
Feel free to contact me if you need more help finding out who this guy is. After looking into it a bit more, I think his last name might indeed be "Palaima".
I can dig for some more if needed as I do speak Lithuanian and would be happy to out this asshole.
I would suggest that this is not the right way to go about it and would like all to consider TomGullen's advice from this thread instead.
Problems:
- "doxing" is a bad practice from 4chan; it could reflect badly on this community and the organization behind it if some high profile case of doxing would come from YCombinator's forum.
- how much do you really know about the whole thing? You've heard one side of the story so far.
- It seems to me that people have no business "serving justice" or feeling "Dredd" from the safety of their computers in general. Standard legal measures have not been exhausted, and I'd rather suffer the occasional smalltime criminal than see civil society damaged by witchhunts.
I assume finding name and address are trivial in this situation once you go the legal route. Helping the OP with some information privately is of course helpful.
I'd recommend treating this as an opportunity in disguise. Whatever small amount of money you were making from ads and pledgie pales in comparison to the amount that I suspect you'd make if you were to offer paid versions.
Keep giving dsploit away for free for people who want that. Call it the 'Community Edition,' or something similar. But, also offer a paid version. Offer three tiers.
The bottom tier costs $nnn/year and entitles the user to nothing more than the Community Edition, but with the corporate appeal of saying that this software is commercially licensed. I note that the code is licensed under GPL v3. As long as you can get all contributors to sign off on this, this approach becomes even more viable. There are companies that have trouble with using GPL v3 software (yeah, it's dumb, I know), and having a GPL v3 package suddenly become not-GPL v3 can be incredibly valuable for them.
The middle tier costs some non-fractional multiplier above the bottom tier and entitles the user to support. Support can be nothing more than an email address: support@dsploit.net.
The top tier costs perhaps an order of magnitude more than the middle tier, is labeled Enterprise, and comes with priority support. As patio11 is fond of pointing out, priority support can be nothing more than a different email address that you simply answer first.
I would've cut down on communicating with the person. He's obviously illiterate and his income is fueled by fraud. In my experience, you give them a single friendly but frank email with 24 hours to respond and then you just have to go through the proper channels. In this case removing his domain.
I'd like to believe the good in people. But, this individual's conduct from the outset demonstrates bad faith.
Not getting into a fruitless debate and/or antagonizing somebody that doesn't have any interest in being reasoned with.
It's quite possible that he reported you to Adsense specifically as a petty demonstration of the "power" he wields. And while your site may have been your only income, his was probably one of dozens more, so it didn't really matter to him.
Short version: you had a lot more to lose and nothing to gain compared to him.
Yes. This is about picking your customer. If your customer is the advertising network then their desires are very different compared to, say, somebody who wants a network analysis tool.
It's a good idea to pick customers whose interests align with yours.
I think it falls under the definition of Cybersquatting as described here:
"Cybersquatting (also known as domain squatting), according to the United States federal law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else"
http://en.wikipedia.org/wiki/Cybersquatting
The US law is basically just the same as the cybersquatting provisions of ICANN's Uniform Domain-Name Dispute Resolution Policy, which is binding on all registrars worldwide.
ICANN UDRP is international so that would be one possible venue. Also, org's registrar is subject to US jurisdiction so it shouldn't matter where the registrant is located.
For those of us who are less familiar with dsploit, can you explain why it's crummy and dishonest? All I know about it I got from reading the project's summary just now. Ostensibly, it's a penetration testing tool. Penetration testing is a legitimate and necessary part of security auditing.
Can the tools and knowledge of the security industry be exploited by malicious attackers? Of course it can. But as the theory goes, blackhats are going to use the best available attacks regardless of whether whitehats publicize their tools and knowledge. Thus, it's better for legitimate developers to learn how to penetration test, share their tools, and spread knowledge of the exploits far and wide, so that legitimate developers the world over may know their enemy and better defend against attacks.
Is there reason to believe dsploit is anything more nefarious than a legitimate penetration testing tool?
"We offer email support in several languages for our publishers earning more than US$25 (or local equivalent) per week on a consistent basis."
If you're above that threshold, it's possible to ask for a clarification and some advice on improving the site content. Google's policies exist to make the advertisers happy, so maybe Google might be OK with some more visible clarification of what dsploit is or isn't. (The name certainly isn't helping if it's a whitehat security tool.)
Due to ICANN's new policies if you report incorrect or inaccurate whois data the registrar is forced to investigate and potentially pull the registration(s).
This will probably force the problem maker to go to a new registrar and also pay for privacy protection next time; at least you are increasing his costs.
You could also engage in a UDRP complaint if dsploit is a trademark; unregistered trademarks are harder to defend however.
> Suspending an account provides the publisher with 30 days to make the relevant changes to their sites. If you have been suspended, you’ll still be able to log into your AdSense account. However, no ads will be shown for 30 days, and you’ll notice a payment hold automatically added to your account. At the end of this suspension period, we’ll automatically re-enable ad serving, remove the payment hold, and monitor your account to ensure compliance.
However, there doesn't seem to be an appeals mechanism in the interim.
Sorry to hear that. You must have known that this day was coming though? Basically you were living on borrowed time from Google. If the revenue was that much of a priority to you, you should have laid much lower than you did and certainly not make threats to people who have no issue with doing fraudulent things.
If you lay down with pigs, you are gonna get dirty
If you play with fire you will eventually get burned
That trusting income from Google is a bad bet?
Or that he should not have threatened the spammer?
With regards to the threat - he did have a valid claim against the guy - he could have complained to the registrar and eventually had the spam domain confiscated.
As to relying on Google, Amazon, Paypal and friends to stand by you when things get tough... plenty of other people have made that mistake in the past.
Often they trust them because they have no other real choice. I'd watch this with more of a sense of 'there but for the grace of god go I'
Being moral isn't the same as being naïve, no matter how much harsh people tell you it is. It is a sign of moral strength to not immediately bite back.
Sending empty threats is dangerous and can be legally exposing. Either get a lawyer or forget about it.
Why in the heck would you send an email (with broken grammar no less) over something that might involve legal action? It's unfortunate but you're lucky to lose some ad revenue and not get sued.
I have a lawyer who can manage this thing, it's just not worth it. Regarding the grammar, English is not my native language (although this is not an excuse of course).
This reminds me of all the times I've read a passage online where the only indication that the writer wasn't a native English speaker was the apology for the (assumed) poor English.
One of the issues is the lack of competition. Most small sites don't have many real alternatives when it comes to Adsense, and a ban could close you down.
I got banned some years ago, because my girlfriend thought it would be a good idea to click on the ads on my website. She clicked once or twice a day, and thought she helped me... I have been banned ever since. So I welcome any competition in this space!
If I hired some people to click Adsense ads on somedomain.com, could I get the site owner banned? Or do the clicks have to come from the same IP as the site owner?
1) Make sure your site complies with the AdSense TOS and then hope Google will restore AdSense eventually?
2) In the meantime, serve ads from a different ad network.
3) There are many other ways to leverage web traffic into revenue. Do a little research (or thinking). I see you now have a donation button. Many other possibilities exist.
4) The long game: File for a US trademark on dSploit. Apparently nobody currently holds a US trademark on "dSploit", for any purpose. Once you have the trademark, you can get some domain registrars to shut down anyone using dsploit TLDs.
I'm amazed that adsense was bringing in enough money to pay for anything. You generally need 100k+ visits a day just to break into minimum wage territory.
By minimum wage territory I guess you mean the range of $50 - $100/day? You must have a pretty low ecpm to only earn that much from 100k visitors/day. My experience is at least 6x that range.
My experience has been about $1 per 1,000 visitors. But that was a while ago and I didn't publish content about mesothelioma. Mostly programming stuff.
> The 48 hours takedown notice was indeed fake, I'm not the kind of guy who does this kind of things and usually I trust in human comprehension and intellect...
Well... good luck with that. Why would anyone have qualms about pursuing a legitimate take down notice?