Flight-Sim Maker Threatens Legal Action Over Reddit Posts Discussing DRM

An anonymous reader quotes a report from Ars Technica: Today's controversy begins with a Reddit thread that noted FlightSimLabs' A320 add-on installing "cmdhost.exe" files in the "system32" and "SysWOW64" folders inside the Windows directory. The strange filename and location -- which seems designed to closely match those of actual Windows system files -- made some Reddit users suspicious, especially given FlightSimLabs history of undisclosed installations. FlightSimLabs responded on Facebook last Thursday by saying that the files came from third-party e-commerce service eSellerate and were designed to "reduce the number of product activation issues people were having." This system has been acknowledged in the FlightSimLabs forums in the past, and it apparently passes all major antivirus checks.

The "controversy" over these files might well have died down after that response. But then FlightSimLabs' Simon Kelsey sent a message to the moderators of the flightsim subreddit, gently reminding them of "Reddit's obligation as a publisher... to ensure that any libelous content is taken down as soon as you become aware of it." While ostensibly welcoming "robust fair comment and opinion," the message also warns that "ANY suggestion that our current or future products pose any threat to users is absolutely false and libelous." That warning extends to the company's previous password-extractor controversy, with Kelsey writing, "ANY suggestion that any user's data was compromised during the events of February is entirely false and therefore libelous." "I would hate for lawyers to have to get involved in this, and I trust that you will take appropriate steps to ensure that no such libel is posted," Kelsey concludes. A follow-up message from Kelsey reiterated the same points and noted that FlightSimLabs has reported specific comments and demanded they be removed as libelous.

Re:

[Kaenneth]

Yeah, but then DRM will refuse to run.

Re:

[sabri]

Various tools exist to allow you to create read only versions of your system.

Various OSes already implement that by default. Have a look at FreeBSD's runlevels.

Re:

[fisted]

FreeBSD doesn't have runlevels, which are a System V concept.

You're probably thinking of securelevels [freebsd.org].

Re:

[sabri]

You're probably thinking of securelevels. /quote I stand corrected.

Inform that ass about the "Streisand effect"

[Anonymous Coward]

Somebody send that pompous jackass this link:

https://en.wikipedia.org/wiki/Streisand_effect [wikipedia.org]

Re:Inform that ass about the "Streisand effect"

[Applehu Akbar]

This isn't the UK. So long as you don't make anything up, you're bulletproof against libel.

Re:

[mark-t]

Bulletproof against libel perhaps... but truth is not always a defense against defamation. There have been rare precedents where a person was found to be telling the truth, but still lost a defamation case.

That said, truth remains the most consistently reliable defense to such a suit, but one should be aware that extenuating circumstances may exist where that defense will not be sufficient. In particular, if the comments are found to have been made with deliberate malice and intent to cause harm, trut

Re:

[Applehu Akbar]

Didn't the libel reform of 2013 establish truth as an absolute defense, as in the US?

Re:

[mark-t]

Truth is generally considered the *best* defense against an accusation of defamation, but if the comments were made with any obvious malice or superfluously so as to cause harm where none should have reasonably occurred, then truth alone will not necessarily be adequate.

I have heard of one case in the USA involving an employee of a company who was terminated for reasons that might have superficially seemed as if he had been caught stealing from the company when that was not the case. The company had pu

Re:

[mark-t]

It's my understanding that in the UK, if some allegedly defamatory publication or pronouncement results in what is considered a "breach of peace", unless there was some demonstrable public benefit brought about by the revelation, or unless there was some reasonable intent to provide public benefit, then the truth behind allegedly defamatory claims alone may not necessarily be sufficient as a defense against a defamation suit. This is, to the best of my understanding, more or less the same as it is in th

Re:

[mark-t]

No, I was thinking of USA law, actually. Truth is not always a defense for defamation [aaronkellylaw.com].

It's still generally the best defense, however... and probably 999 times out of a thousand would be entirely sufficient.

Re:

[mark-t]

That's my understanding as well... my point was only that the truth of any allegedly defamatory remarks may not always be sufficient to defend a defamation lawsuit, particularly when there is a malicious or mischievous intent, and is therefore *not* really bulletproof by itself/

Of course, if even truth of one's remarks isn't going to defend them from a defamation lawsuit, then I doubt anything will... so in that respect, it remains unconditionally the best single defense there can possibly be.

Re:

[AmiMoJo]

Sadly your wallet isn't quite so invulnerable to being sued for libel. If someone with money sues you in the US, even if it's without merit, you had better have deep pockets or be extremely lucky.

Re:

[0100010001010011]

I completely forgot this happened and moved on in today's news cycle.

Until they pulled this. Man are they stupid.

Re:

[jwhyche]

Doesn't things like this give you warm fuzzes all over? Makes you just want to run right out and buy their product. Oh wait, maybe not.

Re:

[nitehawk214]

Also, the word gullible is not in the dictionary.

Re:

[fisted]

No, the problem is in front of your keyboard, or phone, or whatever.

Re:

[kenwd0elq]

It works for me.

Trojan Horse is Trojan Horse

[forkfail]

Even if these are executables are benign now, they have names that might cause folks to ignore them and their activities. So, we start off with names for their "security" binaries that those who are more cautions about such things might describe as being already at least somewhat deceitful.

And who knows what additional functionality might be added in an update?

Of course, I am sure that no software publisher would ever do anything malign like I might have unintentionally implied. I am sure that FlightSimLabs is a completely honorable company with nothing but the best interests and well being of their customers in heart and mind. So, this is all just a ridiculous hypothetical.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Jason Levine]

This isn't intended to get to the discovery process. They want to silence any criticism by calling it "libelous." If anyone challenges them, the company will either a) not sue at all, b) sue for a lot of money and then try to settle out of court, or c) sue for a lot of money and then drop the case when the person doesn't back down. They intend this to threaten and intimidate people, not to actually win a lawsuit.

Wait

[Actually, I do RTFA]

I know that DCMA and Safe Harbor laws allowed copyright holders (and trademark holders) to get content taken down. But I thought that libel was something that forum sites were protected against. Otherwise, why is Musk/Trump/Hillary not getting every anti-Tesla/pro-Muller/anti-PrivateEmailServer story taken down from /.?

Re:

[The Fat Bastard]

Otherwise, why is Musk/Trump/Hillary not getting every anti-Tesla/pro-Muller/anti-PrivateEmailServer story taken down from /.?

Public figures have a reduced right to privacy than priviate citizens.

Re:

[Actually, I do RTFA]

Oh, I should have pointed out, IANAL.

Re:Wait

[fahrbot-bot]

But I thought that libel was something that forum sites were protected against.

FlightSimLabs said, "I would hate for lawyers to have to get involved in this," because they would probably lose a libel fight against Reddit. They would hate that.

Re:

[SuricouRaven]

They don't have to win. They just have to make losing expensive enough for the other side that Reddit's owners would rather just delete any posts which might invite legel action.

Re:

[ooshna]

I have a feeling Reddit can outlast them.

Re:

[Curunir_wolf]

I have a feeling Reddit can outlast them.

HA! Right. Because Reddit has such a clear history of defending their users and their right to post content....

Re:

[ooshna]

I'm just saying if they tried to go after Reddit itself for libel.

Re:

[AmiMoJo]

Well, yeah, they do actually. When you consider how much content is on Reddit that would be removed from other sites immediately, they actually pretty liberal about what content they host.

In other news, the owners of Gab.ai threatened to get the police involved [gizmodo.com] over threats made against them on their platform. Last year they removed a couple of posts at the request of corporations too. Turns out that expecting unlimited freeze peach is somewhat unrealistic.

Re:

[HiThere]

If Reddit profits from visits, then they might well profit over defending against a malicious and frivolous lawsuit by an company unpopular with their audience.

Re:

[phantomfive]

FlightSimLabs said, "I would hate for lawyers to have to get involved in this,"

ROTFL that's when you can be sure that they are going to lose a case and they know it.

Re:

[Jason Levine]

Saying "I would hate for lawyers to have to get involved in this" is the non-mafia way of saying "this is a nice place you've got here, it'd be a shame if something HAPPENED to it."

Re:Wait

[dissy]

But I thought that libel was something that forum sites were protected against.

No, actual legally defined libel has no specific protections.
The site when served legal papers requesting it, is supposed to pass on the information they have about the poster. Failing to do that can very well make the legal buck stop on the sites shoulders.

But that isn't really the issue here.

The questions are if the comments even qualify to potentially be libel, and if and only if so, did a court deem them so.

Options by definition can never be libel or slander.
Claims to facts are the only things that potentially can be libel or slander.

This alone makes the companies claim dubious, when they word it as "ANY suggestion that our current or future products pose any threat to users is absolutely false and libelous"

Posting "I think they would do _" can never be libel, as it is an opinion that can't be proven.
Posting "They have done _" however is a fact, and if found to be a false-fact may qualify as libel.

Both libel and slander are forms of tort law (libel being a written tort and slander being a spoken tort)
https://dictionary.law.com/Default.aspx?selected=1153 [law.com]

Specifically:
" It is a tort (civil wrong) making the person or entity open to a lawsuit for damages by the person who can prove the statement about him/her was a lie."
"Publication need only be to one person, but it must be a statement which claims to be fact and is not clearly identified as an opinion."

and to your question about websites or forums being protected:
"Most states provide for a party defamed by a periodical to demand a published retraction. If the correction is made, then there is no right to file a lawsuit. "

Re:

[Actually, I do RTFA]

The site when served legal papers requesting it, is supposed to pass on the information they have about the poster. Failing to do that can very well make the legal buck stop on the sites shoulders.
But that isn't really the issue here.

I think it's a more important point. I don't really give a shit about some software I've never heard of. I care about the equivalent of DMCA takedown notices being slung around whenever someone is insulted^W^W thinks they were libeled by a forum post.

Re:

[Dragonslicer]

Posting "I think they would do _" can never be libel, as it is an opinion that can't be proven.

Just to clarify, starting a sentence with "I think" does not automatically make something an opinion that is immune to a libel lawsuit. "I think FlightSimLabs is a sleazy company that isn't above hiding some malware in their product" would most likely be considered an opinion. "I think John Smith embezzled $10 million from his employer" is not an opinion.

Re:

[dlingman]

"I think..." may save you from libel, but opens you up to defamation.

Reminder kids, get your legal advice from Legal people, not facebook/wikipedia/slashdot.

Re:

[TVmisGuided]

The absolute defense to a charge of libel (or, if verbal, slander) is truth. FlightSimLabs should keep that in mind.

That's as far as I go.

Re:

[nasch]

No, actual legally defined libel has no specific protections.

Maybe not specifically, but service providers generally cannot be held liable for anything someone else writes, including users of their platform. https://en.wikipedia.org/wiki/... [wikipedia.org]

good-faith security research is an DCMA exemption!

[Joe_Dragon]

good-faith security research is an DCMA exemption! so they should take it court.

Re:

[jedidiah]

> You do not make legal threats on the Internet. It should be rule 71. Or 86.

You don't make threats against free speech unless you have something to hide.

FlightSimLabs' Simon Kelsey says ...

[Anonymous Coward]

... "please do not buy our product".

Got it. Won't touch this with a 100M pole.

Great marketing there, guys.

oh. this isn't going to go well for them.

[Thud457]

no, it distinctly reads as "please rape my company. burn it to the ground, internet. You don't have the LULZ, 4chan!"

Barbara Streisand...

[kaatochacha]

Is that you?

the reasonable way to handle this ..

[miller701]

I guess the reasonable way to handle this would be a sticky post at the top and make people click through to see the detail.

sound good?

So, they have a time machine?

[fahrbot-bot]

... the message also warns that "ANY suggestion that our current or future products pose any threat to users is absolutely false and libelous."

I wasn't aware that FlightSimLabs could see into the future.

Re:Libelous??

[bobbied]

Ah, yes.. Triggered are we?

I think a lot of people need a crash course on what the 1st amendment (or any right recognized by the constitution) means and doesn't mean and what legal "rights" they protect and from whom..

The US Constitution is pretty clear that it is designed to describe how government works (specifically the federal government) and the bill of rights is designed to tell the government what it may NOT do, what rights the government may not limit.

The important thing to realize is the 1st Amendment only says the government may not infringe your right to speak what you like, publish what you choose or practice your religion. So if Reddit wishes to take your posts down, they may, as they are not the government. Now if Reddit was government owned or the government was ordering Reddit to remove or censor posts, THEN there would be an issue.

Re:

[Narcocide]

He's not triggered, he's just some shill trying to sow canned discord. He's probably not even American.

Re:

[q_e_t]

That's not what the 1st Amendment means. If it did mean that, then there would be no libel laws as they'd have been struck down as unconstitutional over a century ago.

Re:

[BranMan]

Libel laws are perfectly constitutional. There is no conflict with the First Amendment. By the First, there can be no law restricting your freedom of speech. And Libel laws do NOT restrict you from saying anything you want. BUT the Libel laws do allow for someone to sue for damages caused by *what* you are free to say.

Get the difference? It is subtle, but it is there.

Re:

[bobbied]

Why is it a good idea for the government to protect free speech and allow petitions for redress of grievances, but it's not a good idea for reddit?

Why shouldn't reddit follow the good idea that the constitution laid down for government?

The question I'm dealing with is what is legal for Reddit to do. You want to ask if it's right or not. The two questions are not the same. The constitution only addresses what is legal, each individual must decide for themselves what's right. Given it's up to you and me to decide if it was right or wrong and we are free to decide differently, I see no point in debating the moral or ethical. It is legal for non-government entities to censor speech in any way they choose so Reddit is on legal ground if t

Re:

[bobbied]

Freedom of speech is a Western cultural concept that goes much farther than the government.

I'm not going to disagree with the cultural concept, but I was pointing out the legal constructs in play. The first amendment basically is saying that each person is allowed to decide for themselves what is right and is free to express their opinion and their reasons for believing what they believe. The government may not (and indeed, couldn't if it tried) control this freedom. Both Reddit and the author have the same rights here, the government may not get involved. Reddit is free to remove posts as th

Demonstrably false

[K. S. Kyosuke]

ANY suggestion that any user's data was compromised during the events of February is entirely false and therefore libelous

Screenshots were produced by an employee of the company depicting the compromised accounts of an individual. Not only makes this the claim not a libel but someone at the company is apparently guilty of CFAA violation.

Re:

[q_e_t]

It's a foreign company abroad, AFAIK, so a USA act may not be relevant, or at least hard to enforce.

Re:

[K. S. Kyosuke]

I think I've seen someone mention that they're incorporated in Delaware, but I might be wrong.

Re:

[q_e_t]

Its forum mentions statements being made in Manchester, which I took to mean Manchester UK, but it's hard to be sure.

Translation

[Jfetjunky]

"I would hate for lawyers to have to get involved in this"
Translation: "I'm pretty sure I don't have a case here, so let me try intimidation first".

Re:

[bobbied]

Personally, if somebody said that to me and I was ticked, the first thing I'd do would be hire a lawyer to send a strongly worded letter that says nothing but "Maybe I will, maybe I won't, but take it up with my lawyer you fools" back that pretty much guarantees they have to get a lawyer involved to make sure I'm not threatening to sue them...

So, you would hate getting lawyers involved? Well, I hate having to deal with your PR tripe, so now we both have something to hate.

Re:Translation

[F.Ultra]

Myself I would just tell Westboro Baptist Church that FlightSimLab is a GayLesbian simulator and watch the fallout.

Re:

[Sloppy]

Oh no, that's exactly what they were trying to avoid! Is there a version of the Streisand Effect for libel?

And over here we have Barbara Streisand house

[BLToday]

I haven’t been keeping up with flight sims for years but if I come back I’ll keep them on my don’t buy list.

file name looks like an virus if any thing they ne

[Joe_Dragon]

file name looks like an virus if any thing they need to make so the #1 link of google is says that it's safe and it's part of the app. And also give easy to read detail on why it's named that and not say FlightSimLabsdrm.exe

I kind of feel sorry for them

[DreamMaster]

I kind of feel sorry for them. I've worked as an IT professional for small companies for my entire career so far, so I can understand the frustration that could come from rampant piracy, particularly for such a nice market company that probably doesn't have much in it's bottom line to begin with. Whilst it doesn't entirely excuse any bullying tactics they did against Reddit.. given some of the vitriol (and I'd even go so far as to say "rabid" for some comments I've seen) is so excessive that I could understand how upset it could make them.

Keeping in mind that even in the "furore" from back in February, whilst they did distribute malware in one of their packs, my recollection is that it was explicitly designed to only activate for a single specific user that had been rampantly pirating and distributing their software. I can understand how frustrated that piracy could make them, particularly if they were unable to identify the culprit any other way. Let's face it.. law enforcement agencies like the FBI (or their country's equivalent) likely wouldn't make piracy done against small companies a major priority. I'm not saying that it wasn't ill advised, but it seems like all too many people are using the instances to jump on a "let's insult them / they're the bad guys" bandwagon.

Re:I kind of feel sorry for them

[HiThere]

So you're saying you remember the company committed interstate felony, but we should forgive them, because we weren't the target?

I don't really follow your reasoning. And if your statements are true I don't understand why the company isn't in federal court as a defendant.

Lets make some "libel"

[Pinky's Brain]

FlightSimLabs (FSLabs) admitted to distributing remote hacking tools, intending to use them illegally. Any company who requires normal application software to be installed with admin rights is run by morons and anyone who actually installs such outside a VM is likewise. Especially after the company by their own admission proved themselves to be a criminal organization as well as criminally incompetent.

Re:

[tlhIngan]

Any company who requires normal application software to be installed with admin rights is run by morons

No, it's perfectly reasonable to require installation to require admin rights. I mean, you can't install Linux applications without admin rights eitehr.

It's required to put files in user-protected locations, like /bin or c:\Program Files\ so users don't go accidentally mucking up installations.

If a user can install stuff to system wide locations without admin, they can easily replace said system wide stuf

Re:

[AmiMoJo]

Programs can install to AppData without admin rights. It's what most Google products do, for example.

The advantages are no admin rights / UAC prompts needed. The app becomes part of the user's network profile and can follow them around with their other data. That can be an issue if the app is very large though. It's also a per-user thing, so if three local users want the app it has to be installed three times.

I suppose that since this flight simulator is likely to be gigabytes in size AppData isn't suitable

Re:

[drinkypoo]

If applications want to update themselves without privilege elevation, then they pretty much have to install into your home directory or another, similar location. I don't really want applications to do that, though. It causes problems in a variety of ways, like when minecraft pulls an inept april fools' or when you don't have disk space for an update because some long-running process is producing output as you intended and then some update you didn't throws a spanner in the works.

Re:

[Sigma 7]

Steam on Windows doesn't ask for admin privileges either, because it operates via a service that has admin privileges.

Steam can operate on Linux in the same fashion. It installs games in a way where it doesn't need the user to call root - either it's in a location where the user can freely write to, or it can do a background escalation without the need for user intervention.

Re:

[Sannemen]

Actually, not necessarily. Windows has the Virtual Store functionality, which a user to "overlay" a folder from inside his own home directory into c:\program files . While I don't believe it's how Steam operates, it is how a series of other software uses "c:\program files" without admin access, in a user-specific way. See https://stackoverflow.com/ques... [stackoverflow.com] for details.

Re:

[Sigma 7]

Steam places the files directly in c:\program files (x86)\steam\steamapps\common via the Steam service. It's unaffected by the virtual store, and it would be bad if it did use it because it would result in an installation per user.

The Windows Virtual Store applies to older programs that still save files in the directory they're running in, and places them in c:\users\{profile}\appdata\local\virtualstore - it's only meant for those older games/applications that store their .ini files in c:\windows, or wherev

Does wetware compromise count?

[davidwr]

"ANY suggestion that any user's data was compromised during the events of February is entirely false and therefore libelous."

The fact that the filenames were confusingly similar to Windows filenames is not in dispute.

The fact that this confusion caused the users to believe that their data may have been compromised does not seem to be in dispute.

The fact that the users' data that is held in their brains - that is, what they reasonably believed to be true (i.e. that their computer was compromised when [if the

Shitty Company does shitty things

[nitehawk214]

This is the company that installs password loggers [threatpost.com] on their customer's computers. Why anyone would still do business with them is beyond me.

True as far as it goes, but doesn't go far enough.

[jbn-o]

To be fair, every major proprietor has distributed malware and people still do business with them (proprietary software is often malware [gnu.org]) and even people who ought to know better still choose proprietary software despite that proprietary software is inherently untrustworthy. I agree with your sentiment that one shouldn't choose to be abused but I think the fix isn't to focus on a particular proprietor or even a set of proprietors, but to see that the system of non-freedom is the real problem.

Wow, stupid

[Chris Mattern]

And now conversations of your DRM are not just on reddit, they're all over the net. Welcome to the Streisand effect, guys.

"passes all major antivirus checks"

[Sloppy]

it apparently passes all major antivirus checks

Ah, the proprietary software world's version of a security audit.

It obfuscates itself like malware, smells like malware, but the suspected attacker says it's not malware. Therefore: it's safe and doesn't work against the user's interests!

info@flightsimlabs.com

[thechemic]

Don't forget to tell them how you feel.

Interesting

[nehumanuscrede]

Why would they name their files to so closely match official Windows files KNOWING the first thoughts anyone will have will be along the lines of trojan, malware, virus ?

Why not name the damn things to reflect the program that installed them ?

Time to contribute

[Trogre]

Well, time to contribute more to the Open Source FlightGear and put these jackasses out of business.

So, I'm reading...

[Chewbacon]

...you can prove anything, so STFU or we will sue.

Link

[sneurlax]

If anyone else is interested in the password-extraction incident alluded to in the summary, here's a writeup: https://medium.com/@lukegorman... [medium.com] Outstanding!

UPDATE: They pulled it. See blog post.

[TheHawke]

https://forums.flightsimlabs.c... [flightsimlabs.com]

Burden of proof

[xanadu113]

Burden of proof rests with the defendant? So they're supposed to testify against themselves? Glad he's not a lawyer!

Re:

[arth1]

IANAL but Reddit is skating near Defamation per se.

Doesn't defamation require fame, not infamy?

Re:

[q_e_t]

Skirting, not skirting near, surely, as skirting already implies proximity?

Re:

[HiThere]

It may not be libel even if it isn't true, if it's stated as an opinion. E.g., were I to claim that "I feel the would would be improved if Flight-Sim went bankrupt.", then even if I were to not actually feel that way, it still wouldn't be libel. OTOH, were I to state "The world would be improved if Flight-Sim went bankrupt." I might need to prove that it was a true statement to avoid libel. Or at least I might be libel for libel if they could prove it was a false statement.

OTOH, IANAL, so take these comm

Just do it the FOX way:

[Anonymous Coward]

Do not say "I think you are an alcoholic piece of shit and should go fuck yourself.".

Say: *"America* thinks you are a unit of excrement and should go fornicate with yourself, *anonymous sources report*."

It is saying the exact same thing, but curiously, this is OK in US society bot the former is not.

I do not know why, as apparently, I am not from this planet.

Re:

[Cajun Hell]

I hear things. That's what people are saying.

Re:

[q_e_t]

Opinion doesn't necessarily meet the criterion of being potentially libellous, as you demonstrated. What you said doesn't even suggest anything negative. You could be saying "I hope company X goes out of business because they are a rival". If you said "In my opinion, all products by company X are terrible" it would be a bit more comparable.

Re:

[Bobrick]

Windows didn't make this company do this.

Re:

[Bobrick]

Please define "eurotrash" so everyone can point at you and go "see folks, this is how not to be a human being".

Re:

[NicknameUnavailable]

So you agree with stiffing free speech? Free speech which alerts consumers to corrupt corporations spying on them at that? You, you are a prime example of eurotrash.

Re:

[Bobrick]

Again, what does this have to do with the word "eurotrash"?

Re:

[NicknameUnavailable]

I would expect eurotrash to comprehend.