Hacking Is console hacking not illegal or what?

[Joom]

@notimp, my lack of foul play? So, I have to give an example of a company pursuing homebrew? What? Again, a fallacy. I'm not arguing actual examples, because they're irrelevant. Usage terms are kind of there in plaintext.

 

[smf]

It makes NO SENSE whatsoever - to let the consumer buy a product, thats then unusable - unless he/she agrees to a EULA, he can only read - when they get home. That ought to be illegal.

If you don't agree then take it back for a refund, what is the problem?

but it seems such laws are unenforceable in practice, with lawsuits usually only persued when there's plenty of damages to claim, and results vary a lot between judges and jurisdictions.

Laws are only enforced when they catch you and they only do that if the motivation to catch you is greater than the resources available.

That doesn't mean it's legal.

I've got a question. If televisions and set top boxes could be modded as to not be able to receive any BBC channel. Would it be classed as illegal to refuse to pay the licence fee based on the fact we cannot watch or listen to BBC.

No, the UK law is written in such a way that you need a license to receive any TV broadcast when you are in the UK. Even if the broadcast itself is made from outside the UK.

If you have TV and set top box but don't use the to receive live broadcast (recording them for later viewing also counts as receiving a live broadcast) then you don't need a license. Until recently you could even watch iplayer on demand content without a TV license. For many years I legally didn't have a TV license. However the law has now been changed to require a TV license if you watch iplayer, if you don't receive live broadcasts and don't watch iplayer then you don't need a TV license. Even if the equipment is capable of receiving it.

Thats by the way why the "trick" with the DMCA is deployed. The argument is different - and it goes like this: Our software is "protected by technical means". You cant legally bypass said technical means, to analyze our product - because it would lead to usages that have an impact on our sales.

Yes and it's a good mechanism in the grand scheme of things. Most hacking is for illegal means.

Generally the people who argue the hardest about it being legal to hack are the ones with the guiltiest conscience.

Also - another interesting tidbit, when SONY sued Geohotz, the case ended in an out of court settlement, because - of course it did. We didn't want to create legal precedent, did we SONY?

It would have cost Sony more money to keep going, while Geohotz was being funded by donations. If you want to criticise anyone for avoiding setting legal precedent then it's Geohotz.

Sony just wanted him to stop, there was no realistic way of getting damages from him. It seems to have worked.

 

[notimp]

Edit: Oh, eff me - the US really is a *very bad* country for consumer rights...

Sometimes referred to as "shrinkwrap" or "click-through" agreements, they are efforts to bind consumers legally to a number of strict terms – and yet you never sign your name. Frequently, you aren't even able to see a EULA until after you've purchased the item it covers.

Although there has been some controversy over whether these agreements are enforceable, several courts have upheld their legitimacy.1 These days, EULAs are ubiquitous in software and consumer electronics -- millions of people are clicking buttons that purport to bind them to agreements that they never read and that often run contrary to federal and state laws. These dubious "contracts" are, in theory, one-on-one agreements between manufacturers and each of their customers. Yet because almost every computer user in the world has been subjected to the same take-it-or-leave-it terms at one time or another, EULAs are more like legal mandates than consumer choices. They are, in effect, changing laws without going through any kind of legislative process. And the results are dangerous for consumers and innovators alike.

It's time that consumers understood what happens when they click "I Agree." They may be inviting vendors to snoop on their computers, or allowing companies to prevent them from publicly criticizing the product they've bought. They also click away their right to customize or even repair their devices. This is a guide for the "user" in EULA, the person who stands to lose the most by allowing companies to assert that these click-through agreements count as binding contracts.

https://www.eff.org/de/wp/dangerous-terms-users-guide-eulas

Here are some provisions to be often contained in EULAs, named in the EFF article:

1. "Do not criticize this product publicly."
2. "Using this product means you will be monitored."
3. "Do not reverse-engineer this product."
4. "Do not use this product with other vendor's products."
5. "By signing this contract, you also agree to every change in future versions of it."
6. "We are not responsible if this product messes up your computer."

Fight the EULA
There is hope. Consumers, lawmakers, and activists can take action to reform EULAs. Like other consumer rights struggles, such as the push to make food companies label their products, fighting EULAs will require grassroots organizing and legislative change.

Dang it, the US really is a country of corporations, and consumer slaves - at this point...

*Good luck*

Here is some proof, that other (european) countries still have a concience:

German Wikipedia on EULAs, translation below.

In Deutschland sind EULA zu Standardsoftware nur dann Vertragsbestandteil, wenn sie zwischen Verkäufer und Erwerber der Software bereits beim Kauf vereinbart wurden. Das setzt die Möglichkeit der Kenntnisnahme bei Vertragsschluss voraus. Dem Käufer erst nach dem Kauf zugänglich gemachte Lizenzbestimmungen (zum Beispiel während der Installation oder als gedruckte Beilage in der Verpackung) sind für den Käufer wirkungslos.

https://de.wikipedia.org/wiki/Endbenutzer-Lizenzvertrag

Translation:
In Germany EULAs for standardized software are only a valid part of the contract, when they have been established between the seller and the buyer of the software before the purchase. This requires an opportunity of acknowledgment before the the contract is established. License modalities that the buyer only gets to access after the purchase (f.e. during the installation, or as a printed addition to the packaging) are invalid/void.

 

[Joom]

@notimp, that kind of implies that German buyers are already aware and knowledgeable of the EULA before purchase, which I would say is worse than the US. This assumes that the buyer automatically agrees to the terms before even purchasing. But yes, that is US law, and I will agree that it is unfair to draw inferences towards other countries based upon it. Regardless, most countries follow a similar model, or worse as expressed by your statement about Germany.

 

[notimp]

@notimp, that kind of implies that German buyers are already aware and knowledgeable of the EULA before purchase, which I would say is worse than the US. This assumes that the buyer automatically agrees to the terms before even purchasing. But yes, that is US law, and I will agree that it is unfair to draw inferences towards other countries based upon it. Regardless, most countries follow a similar model, or worse as expressed by your statement about Germany.

Thats not the case.

It says - that EULAs are null and void, in Germany, if they arent established (/cant be seen) before the purchase of a product. In our case, the store clerk would have to present us with a sheet of paper/tablet - before the purchase of every product, which is not whats happening. (As a POS experience this would kill more sales, than anything else.. )

Its also congruent, with the point, that hacking consoles is actually legal here - because of reverse engineering/understanding the thing you bought purposes. (Hackers can legally talk about their work at public conferences, not hiding their identity/names, ...) - so whatever the company writes into a EULA that no one gets to see until after they've bought the product - for us simply isnt legally binding.

Don't always expect the worst - there are still countries, where customer protection rules are worth more than the nonexistant sheet of paper to be printed on..

To go into a little more detail - with online purchases - we have to be presented with EULAs/TOS before the purchase as well (most often a *very small* link at the end of the page), and then have to give active consent (clicking a checkbox), before we are permitted to purchase a product by the vendor. (Thats the TOS of the vendor, not the TOS/EULA of the product - unless you are talking appstores, where both are the same)

In physical stores - this is impossible to be established (give consumers the opportunity to read a EULA before the purchase), so I assure you, that it is not the case.

edit: This is the legal principal the US is not upholding with their regime of how EULAs get handled in their country:
https://en.wikipedia.org/wiki/Culpa_in_contrahendo

Fun.

 

[Joom]

@notimp, you do know that hacker conferences exist in the US as well, right? Defcon in Vegas is a prime example. The talk of reverse engineering, and general product shit talk, really isn't fought. Welcome to the first amendment. It kind of defeats your point. The act of, however, like Germany, is (to an extent). Reverse engineering within the confines of regulations set by law and companies alike are allowed. CCC is in Germany for a reason, though. Bug bounties and malware research wouldn't be a thing here without that. It's also worth noting that a customer is able to open a purchase, read the EULA, and return the product upon disagreement even within the store the product was purchased. Nobody here in the US is forced to abide by a EULA/TOS. We get the exact same thing with online purchases. In fact, we are brutally made aware of the terms upon purchase/access by being bludgeoned with these agreements. We get these agreements in our face constantly. All of those things you listed are true IF one agrees to them. Also, the US isn't the country of corporations, but semantic assholes constantly looking to exploit our 300 year old laws. This is why copyright law is a constant fight here, especially when it comes to digital media. My favorite argument against piracy is "imagine your car was stolen, but it's still in your garage the next morning". The US government really doesn't know how to regulate this stuff, so they just tend to side with intellectual owners. Other governments are the same way, except China I guess, where it's all just a gigantic swap meet.

 

[notimp]

I recognize many of the points you are making - I dont agree on most of the suggested implications.

My main consideration here is, that - all the "proposed" loops in which a consumer, or hacker is supposed to have "choice" are suggested retroactively and will grant no factual protection or behavioral change - after the initial protection of law is lost - which it is, in the US.

- The customer that returns a product he has purchased after reading the EULA at home, probability wise, doesnt exist.
- The ability to refute a contract after the fact is not the same as, the necessity to go into a contract knowingly. It has different implications (f.e. what the contractual parties will try to ask for).
- The researcher, that is permitted to talk about his work, one day a year (because of public attention), but is restricted from doing his work the entire rest of the year, out of fear of retribution - is not "free" in doing his work
- Finding industry positive clauses (the corporate darling of reasonings), for why the research is permitted ("security purpose") - does only distract from a society that doesn't allow their members to look into systems and security measures for reasons not related to strengthening the grip the manufacturer likes to have on its closed ecosystem.

You cant get around the fact - that in the DMCA there are clauses for "establishing interoperability" and "understanding a product you own" - which are currently entirely subverted by the interests to be able to make a profit on closed ecosystems.

You can't deny - that the US upholds contracts as legally binding, that the majority of signees - never will be able to read, before agreeing to. Therefore giving them a status not different from an actual law - but entirely created by a private institution. Not in a fringe case - but in every (/most) purchase americans make every day.

That said, I understand - that the instituational principle of the CCC was important for our government as well, from a regulatory standpoint. But I don't believe, that we grant our researchers "special exemptions from the law, because they are members of a public club". If you have information that would lead you to think differently - I'd be interested in reading it.

 

[smf]

- The ability to refute a contract after the fact is not the same as, the necessity to go into a contract knowingly.

You're entering the contract when you accept the conditions of the EULA. You're too hooked on the idea that when you hand money over then you have entered a legally binding contract, when there are often conditions that allow you to break the contract and get a refund after the event (especially if you order something online).

You cant get around the fact - that in the DMCA there are clauses for "establishing interoperability" and "understanding a product you own" - which are currently entirely subverted by the interests to be able to make a profit on closed ecosystems.

"Understanding a product you own", sure knock yourself out but the DMCA then prevents you telling anyone how to circumvent any content protection.

"Establishing interoperability", this doesn't override the rest of the DMCA law. As long as you can establish interoperability without allowing content protection to be circumvented then you are fine.

When balancing interoperability against content protection they have said that they would er more towards interoperability on phones, but more toward content protection on consoles. Flash carts allow interoperability, but lots of countries have cracked down on them being imported.

This is no different from murder being illegal, but reasonable force when defending yourself could mean that you could kill your attacker. However it's not a free pass to murder someone because you feel attacked, it's more nuanced.

From my understanding in the US it's illegal to hack consoles and EULA are often found to be legally enforced.

 

[depaul]

It IS legal because IT ISN'T ILLEGAL.

 

[notimp]

You're entering the contract when you accept the conditions of the EULA. You're too hooked on the idea that when you hand money over then you have entered a legally binding contract, when there are often conditions that allow you to break the contract and get a refund after the event (especially if you order something online).

So you are handing over your money, then leaving the store, then taking the subway, then entering your home - and THEN the legal contract of you being able to use what you just purchased gets established. By you not reading a text, or unwrapping the thing (EULAs in your country also can be "shrink wrap" contracts).

Unwrapping, btw. is seen as the act of acknowledging the EULA in that case - probably so you cant bring the product back.

Quite a society you've built there.. Here - have some money, I'll hope I can get it back tomorrow, after I've read, what I've actually paid for.

"Understanding a product you own", sure knock yourself out but the DMCA then prevents you telling anyone how to circumvent any content protection.

Sure - its a conflict of interest. But you have a case where the exemptions (section (f) in the DMCA), for public interest purposes, get overruled by a list - aggregated by a third party (Library of congress), deciding on who gets on it, and who doesnt.

Copyright considerations (allow people to make money) cant overrule general societal interests of understanding products, that are sold to them, or generating intercompatibility that was prevented out of an interest to generate a sales monopoly. Just from a logical point of argumentation. But unfortunately that is what has happened here.

"Establishing interoperability", this doesn't override the rest of the DMCA law. As long as you can establish interoperability without allowing content protection to be circumvented then you are fine.

Same as above.

When balancing interoperability against content protection they have said that they would er more towards interoperability on phones, but more toward content protection on consoles.

Bob said so. He made the list.

The arguments given, are tailored to the result they want to promote. Wouldnt hold up as an actual legal text, but I guess thats what those product lists are for. So the content lobby paid more in party contributions this year, than the communications lobby? (I don't like the process of managing product categories on lists, that have actual precedence over the general law.)

 

[yardie]

why say "is it not illegal"
why not just say "is it legal"? lol

 

[notimp]

Gizmodo on the wonderful process of getting individual exemptions from Bob (The library of congress):
https://gizmodo.com/the-new-dmca-rules-dont-go-far-enough-1739174855

 

[osaka35]

It makes NO SENSE whatsoever - to let the consumer buy a product, thats then unusable - unless he/she agrees to a EULA, he can only read - when they get home. That ought to be illegal.

Didn't sony get sued and lost in the EU (maybe just great britain?) for the removal of OtherOS on the ps3? Something about features advertised that got removed in a mandatory update?

But if the manufacturer is free to do what they want with it after purchase, how are you the owner? You can't really tell them "no". The hardware itself is also copywritten, therefore, you don't own it. Send in a hacked console for repair, and see if it comes back still hacked. Let me know how successful you are. Again, you are essentially paying for the license to use the equipment. Sure, you can smash it, sell it, trade it, whatever. This still doesn't mean it's not the property of the manufacturer. This concept of ownership is horribly skewed because people seem to think that capitalism is fair. Go ahead and rig your gaming console to be a bomb. You can rest assured that the company's lawyers will come fast so that they can cover PR because public backlash against said act will be through the roof. Why? Because the general public is moronic, and that equipment belongs to the manufacturer. "Jimmy made a bomb out of his Xbox. Microsoft is to blame for making the hardware prone to being explosive." Yes, this is hyperbole, but if we're not going to argue semantics here I feel it necessary.

that's...a lot of different legal stuff and concepts conflated together there. I'll break them down.
-Ownership of the hardware : you own this, meaning you can use it to run your own code all you want with zero potential legal problems.

-license of code: You do not own this, meaning manipulation and lock breaking is in a grey area depending on local laws and other related stuff (see most of the rest of the comments)

-making a bomb: Illegal, and not related to video game hardware at all. Would have the same result if you sent a bomb in a box; the hardware is moot

-using a repair service: by sending your hardware to them, you are giving them permission to alter your hardware. They own the software, so they can do whatever to that part. You are giving them permission to do this, by sending it to them. They cannot do it without your permission.

-copyright of hardware: the look and certain aspects of a piece of hardware are..."copyrighted" insofar as you cannot release your own look-alike version and cause market confusion. probably easier to think of this as more...trademark than copyright. This is more about protecting their name and brand, and doesn't really impact the end-user's rights to usage of the bought hardware.

edit: Oh yeah, forgot to mention. You owning the hardware is why you can resell it. You normally wouldn't be able to sell it if you didn't own it. Since the software requires that hardware, I guess it's a bundled deal and you're not really selling the software. You can even sell modified hardware, even hacks, but you can't sell copyrighted materials like roms and whatnot. I'm guessing the distinction is the software is required for the hardware and you own the hardware? Someone with more legal prowess than me will have to comment, but either way this fact supports ownership of hardware. Another reason to buy physical over digital

 

[Naendow]

Btw, there are countries where the developing of homebrew is more or less illegal. Afaik, Britain i.e. says that Reverse Engineering (which is a big part of developing a way to hack a console) is illegal.

 

[osaka35]

Btw, there are countries where the developing of homebrew is more or less illegal. Afaik, Britain i.e. says that Reverse Engineering (which is a big part of developing a way to hack a console) is illegal.

very anti-consumer, that perspective. You can't really copyright processes, and this should fall into that category...but whatcha gonna do.

 

[Naendow]

very anti-consumer, that perspective. You can't really copyright processes, and this should fall into that category...but whatcha gonna do.

I don't know any hacker that was sued or similar in the UK. MrBean35000vr has made CTGP-R and also wasn't sued, arrested or anything like that. So I think that no one there is really interested in stuff like that.

 

[Ichii Giki]

But if the manufacturer is free to do what they want with it after purchase, how are you the owner? You can't really tell them "no". The hardware itself is also copywritten, therefore, you don't own it. Send in a hacked console for repair, and see if it comes back still hacked. Let me know how successful you are. Again, you are essentially paying for the license to use the equipment. Sure, you can smash it, sell it, trade it, whatever. This still doesn't mean it's not the property of the manufacturer. This concept of ownership is horribly skewed because people seem to think that capitalism is fair. Go ahead and rig your gaming console to be a bomb. You can rest assured that the company's lawyers will come fast so that they can cover PR because public backlash against said act will be through the roof. Why? Because the general public is moronic, and that equipment belongs to the manufacturer. "Jimmy made a bomb out of his Xbox. Microsoft is to blame for making the hardware prone to being explosive." Yes, this is hyperbole, but if we're not going to argue semantics here I feel it necessary.

The manufacturer is not completely free to do what they want with your hardware after purchase. Getting a system updated during repair service is not the same as having free reign over usage of the device. You can absolutely tell them no and refuse service if they insist on updating a device to repair it just like they can refuse to fix it. You are paying for a license to use the software and yes, in most cases the hardware can't really operate without the software, but that physical instance of the hardware is YOUR property.

Only the hardware design is copyrighted, so you can't go making physical copies of the device for personal gain (as in you can't sell them, you could totally make copies of the physical shell for example and give them away for free). The company can't just take it and refuse to send it back to you, for example (at least not without providing compensation of some sort). If you didn't own your physical instance of a device, I'm pretty sure the company would be upset (and impose penalties most likely) if you smashed/traded/resold it/etc. This is the difference between hardware sales and lease agreements. In a sale, you become owner and hold ownership over the property you have purchased. If we were specifically signing lease agreements for such devices, then yes, in that instance we wouldn't own them (just like leasing a vehicle).

It is illegal to rig your console to be a bomb if you intend to use it for harm against another person/entity, but in a general sense, you could short the battery on your Switch and set it off at a bomb range all you want as long as you don't cause harm to anyone/their property. Lawyers would have nothing to say in this instance if no physical damage was done to others.

 

[Ryccardo]

Didn't sony get sued and lost in the EU (maybe just great britain?) for the removal of OtherOS on the ps3? Something about features advertised that got removed in a mandatory update?

They did (and they are, right now, in a class action in the USA - in fact you can still sign up for a partial refund until the 15th)

It wasn't really about the update, but "simply" about products being fit for the purpose they're advertised for (or reasonably expectable of): you bought a Linux machine, it doesn't work as a Linux machine, you have the right to a fix/replacement/refund, same principle as the famous "EU warranty"

(The update is technically optional... oh wait, the same product was also advertised as being able to connect to PSN)

 

[Samus20XX]

mods can you purge this thread please.

like, c'mon dog. use google.

 

[notimp]

Googling "is console hacking legal" now shows this thread pretty high up.

Also - at least for the US, it wasn't "easy" to actually find out. At least I stepped into the two pitfalls out there.

1. There are exemptions to the DMCA that according to the principals they are introducing, and according to their actual wording, should make console hacking legal - but it turned out, that the general law is basically null and void, if your product is not on a list of DMCA exceptions created by the Library of congress - thats been publicly criticised for showing tendencies that could be defined as technological illiteracy.

2. We then had a discussion in here if EULAs could actually be legally valid vehicles to prevent people from reverse engineering systems, regardless of all exemptions given in DMCA § 1201, and apparently thats the case as well, because the US treats license agreements as vehicles for private law, that become actionable well after you've purchased the product, and can include clauses, that those laws may change at any time - without the need for you to give further consent. Which apparently is also legal in the US.

We've also learned, that judges time and time again enforced this interpretation - although all case laws before the establishment of the DMCA trended in entirely the opposite direction.

Which lead to as discussion about US consumer protection laws being entirely non existent in this space at the current time, which actually was interesting to have. We've also learned, that in the US the legal principle of Culpa in contrahendo (both parties should have the opportunity to read a contract, before it becomes legally binding) was dropped in the 1980's. (see: https://en.wikipedia.org/wiki/Culpa_in_contrahendo )

We've linked articles from the EFF, and journalistic outlets. Commentaries about the legal state in the US from other communities, and talked about the fact, that since 2015, no one cared to write articles about this any more.

We've talked about, why it might not be a good thing for a western democracy to generate lists about "which devices, could still be publically understood - and which could not, following entirely profit oriented reasoning"...

So this thread was actually productive.

And contains more information than just a simple google search.

I've also mentioned, that some of todays silicon valley giants were entirely founded on the principal of reverse engineering IBM computers, then copying them - and selling them into the market undercutting IBM. We talked about the difference between ownership and licensing, and that regardless of what many people think, ownership of electronic devices is still a thing in 2018.

Also - there were some pretty astonishing findings, like - EULAS can become legally binding in the US - without anyone actually acknowledging that they have read them, or that for the US "content protection" overrules all public interests, apart from maybe security research, on certain product categories. And that there is a person (I called them Bob) that decides this for every product, every year. (Then again, we haven't heard from Bob since 2015).

We've also learned, that the Library of congress argues the following concerning consoles: "As consoles are primarily used for gaming - allowing them to be reverse engineered, would lead primarily to gaming piracy - so it will not be allowed." No further reasoning given. One truism should me sufficient.