Jump to content

Navigraph claims I pirated them, gave them proof I didn't, still took my money.


max2770

Recommended Posts

So, 2 days after the cycle 1402 came out, I get a message from Navigraph telling me that I shared my copy of the 1402 cycle, and that they suspended my account and kept my money (1401-1413 subscription).  Since I didn't share it and quite frankly don't even know how, I was surprised.  I replied to them, and they replied back that since they have a digital watermark on the files, they know it's mine.

 

Well, the hunt was on.  A lot of back-and-forth with my ISP ensued, and I dug through my computer for hours trying to find what the heck had happened.  After 12 days, after at least 6 hours on the phone, reading through countless forums and some tech-savvy friends, I figured it all out. 

 

On February 6, 2014, at or around 08:37EST, an attempt to circumvent the remote access protections of my computer was made by a hacker, using the IP [94.75.207.18].  That address is a Tor network exit node, and is named [torrific].  No contact information could be found.  It is located in the Netherlands.  My firewall was, at that time, configured to block incoming connections from the Tor network.  It worked, and the hacker did not gain access.

 

At or around 08:49EST, another attempt to enable remote access on my computer was made, presumably by the same person or group.  This time, they used an anonymous proxy located in the Republic of Moldova, IP [87.248.172.90].  No contact information is available.  This time, unfortunately, my software was not properly configured to block the attempt, and the hacker got access to my system.

 

At that time, I had a remote connection hostname on my poorly configured, very basic web server.  I also had a system password that was an English dictionary word.  Anyone who had the hostname, and ran a simple dictionary attack, could gain access to my system.  It was an oversight that has now been corrected.  The Windows remote access was used to access the Navigraph data, and a number of private documents.

 

Of course, the same day, Feb. 20, I sent all this info to Navigraph.  Well, I still have to hear from them.

 

------------------

 

What it all comes down to is, because someone hacked me, they took my money.  It's just not how one does business.

 

I have been proudly serving as an EMT-Paramedic for the last five years, and have worked in the security and loss prevention field for years before that.  There is no way I would put such a rewarding career on the line for something like that.

 

While I fully support any company to enforce their intellectual property, I think I have given every proof I can to clear my name from this.

 

From day one, I gave them my full and complete personal information, address, phone number, Paypal address, filed a police report, all things hackers do...  I don't even know how to share a file, the only file sharing program I ever used was Napster, and I think it was in 98 or something.  I'm the only geek I know that is into flight simulation, I'm known as Paramedic at fs2004.com/flightsimworld.com since '04, with 3,600+ posts, and always have been against piracy in all its forms.

 

I really do like Navigraph, they have a great product and great support, and I fully support cracking down hard on pirates - but I did all I could!

 

I really don't know what else I can do to clear my name from this.  I understand their reaction and don't want anything in return - I just want my subscription reinstated.  At least, don't take away my hard-earned money, us EMTs and paramedics make so little money for such a hard job, I don't think I deserve this...

 

Anyone has a suggestion?

 

Thanks,

Max

  • Like 1

sig01.png

Link to comment

I think the whole thing sounds very odd.  So far as I am aware, the Navigraph installer has no need to connect with the network at installation time and no connection is established when the files are used.  The files can be downloaded from any IP and used on any machine so a digital 'watermark' is completely useless.  Further, most of the datasets are ascii text and there is nowhere to hide a watermark.  I would suggest that you attempt contact with them again and work things out.  My experience with them is that they are very reasonable folks.

 

DJ

Link to comment

This is an automatic message.

 

This topic has been moved from "MS FSX Forum" to "Hangar Chat". This move has been done for a number of possible reasons.

  • The most likely reason is that the post was off topic.
  • The topic could also have contained images or a video that were not appropriate to the original forum it was posted in.
  • The images might not have been "illustrative" or "explanatory" in nature.
  • The topic could have been moved because we deemed it to be more appropriately placed elsewhere.
Please ensure that your posts are "on topic" and contain illustrative images or videos as appropriate. Do not post videos or images just for entertainment purposes anywhere but in the screen shot or video forums. See our image posting rules here.

 

Members who continue to post off topic posts can be denied entry to specific forums in order to reduce and remove the practice. Your cooperation is appreciated.

Link to comment

Aerosoft is better.

Jim Driscoll, MSI Raider GE76 12UHS-607 17.3" Gaming Laptop Computer - Blue Intel Core i9 12th Gen 12900HK 1.8GHz Processor; NVIDIA GeForce RTX 3080 Ti 16GB GDDR6; 64GB DDR5-4800 RAM; Dual M2 2TB Solid State Drives.Driving a Sony KD-50X75, and KDL-48R470B @ 4k 3724x2094,MSFS 2020, 30 FPS on Ultra Settings.

Jorg/Asobo: “Weather is a core part of our simulator, and we will strive to make it as accurate as possible.”Also Jorg/Asobo: “We are going to limit the weather API to rain intensity only.”


 

Link to comment

 

 


What it all comes down to is, because someone hacked me, they took my money.  It's just not how one does business.

 

What happened to "the burden of proof is on the accuser"?

 

What proof do they have that you gave it up willingly?

 

Sounds like a letter from an attorney would be in order.

 

Was just about ready to drop some cash on Navgraph this weekend, will wait to see the outcome.

Link to comment

I think the whole thing sounds very odd.  So far as I am aware, the Navigraph installer has no need to connect with the network at installation time and no connection is established when the files are used.  The files can be downloaded from any IP and used on any machine so a digital 'watermark' is completely useless.  Further, most of the datasets are ascii text and there is nowhere to hide a watermark.  I would suggest that you attempt contact with them again and work things out.  My experience with them is that they are very reasonable folks.

 

DJ

 

I really tried.  They didn't answer anything to my multiple emails since Feb 11.

 

 

Why don't you try aerosoft navdata pro? 

 

 

I would take my business elsewhere. Aerosoft

 

 

Aerosoft is better.

 

I own PFPX and am extremely satisfied.  The problem with Aerosoft is two-fold : I'm waiting for the Milviz KA350i, which will only support Navigraph, and I'm a VAC pilot (Virtual Air Canada), which uses SimBrief extensively and Navigraph is the exclusive Airac provider.  Why is it better?

 

 

What happened to "the burden of proof is on the accuser"?

 

What proof do they have that you gave it up willingly?

 

Sounds like a letter from an attorney would be in order.

 

Was just about ready to drop some cash on Navgraph this weekend, will wait to see the outcome.

 

In short - none.  I'm in Canada, they're in Sweden.  I don't have $300 for an attorney to send a letter over a $30 subscription - I just feel cheated out of my money.  Thanks for your support - it means a lot.

sig01.png

Link to comment

If I was a betting man I would say that Navigraph has no real understanding of how to properly use there anti piracy countermeasures and an error in reading the data has unfortunately turned up your name. kKeep after them until they resolve this issue. good luck

 

 

Link to comment

If I was a betting man I would say that Navigraph has no real understanding of how to properly use there anti piracy countermeasures and an error in reading the data has unfortunately turned up your name. kKeep after them until they resolve this issue. good luck

 

I think it indeed is my data, because I have proof my system was illegally accessed and files were taken from my computer.  I just think that I shouldn't be punished more than having lost important personal files.

 

Basically, it's like if someone stole your car, then used it to commit a bank robbery, and then the bank would take $5000 from your account to reimburse themselves because they used your car to flee the crime.

sig01.png

Link to comment

Are you sure you haven't misunderstood what Navigraph is accusing you of? As someone else pointed out, the actual database files are simple ascii text files for most add-ons, which cannot be watermarked.

 

Were you using the new database manager program to download and install your databases, or downloading the individual databases as executable installers? (The original way Navigraph distributed their databases).

 

If the latter, I suppose it is entirely possible that the installers themselves could be individually watermarked. If the hackers downloaded the installers from your computer, then posted them on a torrent site, I can see how it might have come to Navigraph's attention.

 

The reason I asked if you misunderstood their accusation, is because it seems more likely that you showed up on their radar because your account credentials may have been compromised in the hacking incident. Many e-commerce servers that require a user ID and password for customers to download content, will throw up a flag if a customer account is accessed from two widely separated geographic locations within a short time span - evidence that (potentially) access credentials have been shared or pirated.

 

Also, many varieties of malware (some quite stealthy) carry key logger payloads, specifically designed to capture user names and passwords, meaning that your computer can be compromised without a hacker having to "drill into it" through your firewall.

Jim Barrett

Licensed Airframe & Powerplant Mechanic, Avionics, Electrical & Air Data Systems Specialist. Qualified on: Falcon 900, CRJ-200, Dornier 328-100, Hawker 850XP and 1000, Lear 35, 45, 55 and 60, Gulfstream IV and 550, Embraer 135, Beech Premiere and 400A, MD-80.

Link to comment

I think the whole thing sounds very odd.  So far as I am aware, the Navigraph installer has no need to connect with the network at installation time and no connection is established when the files are used.  The files can be downloaded from any IP and used on any machine so a digital 'watermark' is completely useless.  Further, most of the datasets are ascii text and there is nowhere to hide a watermark.  I would suggest that you attempt contact with them again and work things out.  My experience with them is that they are very reasonable folks.

 

DJ

 

Impossible to watermark just because it's an ascii text file?  Not at all.  Watermarking could be as simple as embedding a nonexistent waypoint into the database with user-unique coordinates which are associated with the account of the user.  If the database file then were to show up on a warez or other pirate site, it'd be easy enough to determine the origin of that database file.  And that's just one way of hiding an effective watermark in plain view.

 

Regards

Bob Scott | President and CEO, AVSIM Inc
ATP Gulfstream II-III-IV-V

System1 (P3Dv5/v4): i9-13900KS, water 2x360mm, ASUS Z790 Hero, 32GB GSkill 7800MHz CAS36, ASUS RTX4090
Samsung 55" JS8500 4K TV@30Hz,
3x 2TB WD SN850X 1x 4TB Crucial P3 M.2 NVME SSD, EVGA 1600T2 PSU, 1.2Gbps internet
Fiber link to Yamaha RX-V467 Home Theater Receiver, Polk/Klipsch 6" bookshelf speakers, Polk 12" subwoofer, 12.9" iPad Pro
PFC yoke/throttle quad/pedals with custom Hall sensor retrofit, Thermaltake View 71 case, Stream Deck XL button box

Sys2 (MSFS/XPlane12-11): AMD 7800X3D, water 2x240mm, MSI MPG X670E Carbon, 64GB GSkill 6000/30, nVidia RTX4090FE
Alienware AW3821DW 38" 21:9 GSync, 2x4TB Crucial T705 PCIe5 + 2x2TB Samsung 990 SSD, EVGA 1000P2 PSU, 12.9" iPad Pro
Thrustmaster TCA Boeing Yoke, TCA Airbus Sidestick, Twin TCA Airbus Throttle quads, PFC Cirrus Pedals, Coolermaster HAF932 case

Portable Sys3 (P3Dv4/FSX/DCS): i9-9900K @ 5.0 Ghz, Noctua NH-D15, 32GB 3200/16, EVGA RTX3090, Dell S2417DG 24" GSync
Corsair RM850x PSU, TM TCA Officer Pack, Saitek combat pedals, TM Warthog HOTAS, Coolermaster HAF XB case

Link to comment
  • Commercial Member

My name is Magnus Axholt and I am the ultimate responsible for the decisions made at Navigraph, particularly for exceptional cases like this one.


 


I would like to make the following points:


 


1. The effect of piracy cases in general


2. How our anti-piracy measures affects all of our users


3. The specific case of Mr. Maxime Cotton


4. My ability to follow up


 


1. The effect of piracy cases in general


 


Data is an intangible goods which can be copied and distributed so easily that one seldom reflects over the value of data. We at Navigraph pay a lot of money to get our source data from people who read aeronautical information and compile it into databases. The labor of this work, and the salary cost for people performing this work, and the fees for expert consultants hired to review this work, is very large. This is done every 28 days. You don't have to reflect on this very long to realize that the data output every month is worth a lot, in terms of production costs. The main customers for this type of data are airline companies. They need this data in order to offer a safe transport service. Luckily, mainly due to the sheer size of their operations, they can support this labor cost of producing safe aeronautical data. Flight simulation, however, is a secondary market, and the incomes generated from this market segment is nearly nothing compared to what is generated from the airline companies. This means that if there were anything that would pose a concern for the main market segment, if the data was to circulate in a way which potentially upset the business in the main market segment, I think that our license agreements with data providers could be in jeopardy. The take-home from this paragraph is that piracy of aeronautical data in the flight simulation market segment is obviously a monetary concern since we lose potential income, but an even larger worry is that aeronautical data might become much harder to get if the companies that provide our source data decide to terminate our license agreements since we cannot control the way in which they data is being copied and distributed.


 


COPYING DATA IS NOT ONLY AN ECONOMIC LOSS, BUT MAY ALSO RESULT IN THE FACT THAT THE SUPPLY OF ALL FLIGHT SIMULATION DATA IS CUT OFF FOR EVERYONE.


 


2. How our anti-piracy measures affects all of our users


 


We need customers to generate income. We need happy customers in order to generate recurring income over a period of time. Once all of this is in place, then we might look into efficiency in order to generate profitability to ultimately make room to expand our business and develop new products. Revoking someone's account and forfeiting the subscription may not seem like a smart move when it comes to generating more happy customers. However, this is something we do when an account has been involved in, or linked to, the illegal copying of our data. I try to steer away from legal or technical terminology, because I am not an expert in either of the areas, but I sometimes have to refer back to stuff like the terms of service which you as a user entered into when starting to use Navigraph services. In these terms we tried to think of stuff like this - what do we do if our data is copied in an uncontrolled fashion and our data providers come breathing down our neck, and on top of it all we start losing money? We have decided to straightforwardly just disconnect the account which we think is reason for the uncontrolled copying of our data. Please don't mark my words here - we do much more than just "think" that an account has been involved. We have good measures to figure out who's doing what, and much of it is based on this watermarking which has been mentioned here in the forum. For obvious reasons I don't want to detail it too much, but we have technically sound and established ways of linking users to datasets.


 


Ok, so let's assume that our watermark gives us the correct information and we have indeed found someone's data floating around on the Internet. Can we call the lawyers and sue someone? Press charges? If we wanted to - yes - but in practice it would be too expensive to follow up on every single case. And what's more important - we wouldn't get any customers if they knew that they would be threatened by a lawsuit if their data somehow went astray. Sure, we could argue the circumstances around how this data was lost, whether the user's computer was sufficiently protected, if the data was lost due to willful neglect, and whether the user's actions (or lack thereof) had sufficient causality compared to the damages that arose from copies that we were not paid for. Some people even argue that they would never download the pirated data unless they came by it free of charge, so even tracking the number of illegal downloads is not a good way of estimating the damages. In short, I am not a legal expert, and I prefer spending my time designing software which people enjoy to use. Therefore, we are left in a very frustrating situation with no real way of combatting the users who pirate our data. The only measure we have as a reactive one, which entails deactivating the account which is linked to the suspicious activity.  Section 11.3 in Terms of Service http://www.navigraph.com/Terms.aspx says that we can pull the plug on an account which we think is involved in fraudulent, immoral or illegal activities, or for other similar reasons. That was legal again, sorry. I also agree that his is a blunt and arbitrary tool, but at the moment that's all we got.


 


So where does that leave us? Do we get happy customers by closing down accounts? No. Quietly stand by and see our data being circulated around the net, not taking our responsibility we put in writing and promised our data providers? No. We have to act on a case by case basis, and more often than not we are right when we are closing an account. Quite often it's someone who is not old enough to realize the consequences of their actions, or someone from a country where intellectual property rights (copyright) is not as respected as here in Sweden. In short, most of the time we flick the switch on the right accounts for the right reason. This is good, because if ensures that we are in business for a bit longer, have a decent price on our products, and can continue to offer this data to you.


 


HONEST CUSTOMERS MUST NOT FEEL AFRAID THAT WE WILL PRESS CHARGES IF THEIR DATA IS LOST. EVEN IF OUR METHODS ARE BLUNT, WE ARE RIGHT MOST OF THE TIME. MOST IMPORTANT IS TO BE FLEXIBLE.


 


3. The specific case of Mr. Maxime Cotton


 


Max was very forthcoming with information about his situation, but there was no real way for us knowing whether this was just another story (because they tend to become very detailed and circumstantial and lack that ring of truth) or if Max's computer indeed was compromised. Either way, the damage was done, and closing down his account is what we have always done in an attempt to control the damages. We did not devote any resources to investigate and evaluate the material Max sent us where he, with the help of his ISP, had gathered information to prove that he had not willingly given up the dataset. While we still claim the right to close down Max's account based on what's said in section 11.3, we realize that this is in some cases a quite blunt tool.


 


So what do we do now? Do we let Max back onto our systems again, knowing that his computer still may be at risk, and that our dataset once again can be illegally copied and spread with the consequences described here above? The risk of this happening is probably lower on Max's computer now, compared to any other arbitrary user of our system, mainly because Max has made a pretty thorough review of his system security.


 


Given that fact that Max has chosen to discuss this in public, we no longer have any reason to believe that he has anything but good intent. Therefore we have chosen to take Max's word for being an upstanding flight simulator user, and also someone who takes his data security seriously. We therefore reinstate his account with his remaining cycles. We also offer him a year's worth of free access to all of our data as a compensation for the time he has spent on this issue.


 


MAX COMPUTER SYSTEM WAS COMPROMISED. EVEN THOUGH THE DAMAGE IS DONE, REGARDLESS IF THE DATA WAS COPIED BY WILLFUL INTENT OR NOT, WE WILL REINSTATE MAX'S ACCOUNT AND COMPENSATE HIM FOR HIS TIME.


 


4. My ability to follow up


 


Even if Richard, Ian and sometimes Simon write a line or two in forums, I generally tend to focus on the Navigraph forum. I cannot guarantee that I will see any posts in this thread and answer them in a timely manner. At some point I will check in and ready any comments or reactions you might have. You are of course welcome to post in the Navigraph forum, or - if you think there is something I need to know immediately - write to me at [email protected]


 


All for now…


 


Magnus - and the Navigraph Development Team


  


  • Like 1
Link to comment
Guest
This topic is now closed to further replies.
  • Tom Allensworth,
    Founder of AVSIM Online


  • Flight Simulation's Premier Resource!

    AVSIM is a free service to the flight simulation community. AVSIM is staffed completely by volunteers and all funds donated to AVSIM go directly back to supporting the community. Your donation here helps to pay our bandwidth costs, emergency funding, and other general costs that crop up from time to time. Thank you for your support!

    Click here for more information and to see all donations year to date.
×
×
  • Create New...