August 2, 2011
Email From Tomás Pollak of Prey Project Admits Using Unlicensed Geolocation

After my post here regarding my experiences with the Prey Project, Tomás Pollak the founder of the Prey Project sent me an email ( pasted the full email below), where he states “I just stumbled upon your tumblr blog thanks to a link that one of our users sent me.”  He apparently did not see questions posted as he was ” swamped with work, mainly due to server migration as (once again) we’re struggling with server load issues.” This is another red flag, a system that is being relied upon by what I am guessing are several thousand people is failing, I monitored the uptime for a while and found it was down quite a bit.

So regarding one of my main questions regarding the use of Google’s Gears API for location here is his response.

I’m aware that Google Gears’ TOS claims that the API should be accessed via the native JS interface, however I’ve personally talked about this with a couple of folks at Google I know, and it was pretty clear to me that Google doesn’t bother about us using their — publicly available, might I say — HTTP service.

So the CEO of Fort Ltd. claims that he talked with a few friends at Google and they said they don’t mind that Prey is using the API in a way that he knows is against the terms of the license. He then further states that he knows it will be deprecated, yet there is no clear path to a new solution:

Anyway, Google Gears will be deprecated so in the near future we’ll probably switch to another location provider like Skyhook (who, in fact, has already asked us to use their service).

I looked into Skyhook for my own project and they charge real money for the use of their API, Prey will not be able to hook into it for free, which means that either the customers will have to pay, or they will go without location.

The fact I also received excuses regarding why the full source code is not available for a project that claims to be open-source also raises all kinds of red flags. So when it comes to people who are critical of the project claim it is open-source or “beerware”, but go ahead and keep charging people for it. Since I made a post that was critical then I finally get reached out to regarding my questions after being threatened with being banned from their group for asking these very same and important questions. No thank you Mr. Pollak there are other real open source projects I would rather spend my time on, not a commercial entity hiding in open source clothes, especially one that is comprised of shell scripts.

===========

Hi Steve,


My name is Tomás Pollak and I’m the guy you want dead.
I just stumbled upon your tumblr blog thanks to a link that one of our users sent me.
I’ve been away the last couple of weeks so I’ve been unable to take a look at the threads on Prey’s Google Group. I wish I’d been available to answer your emails a couple of weeks ago to answer your questions. Truth is we’ve been swamped with work, mainly due to server migration as (once again) we’re struggling with server load issues.
Ok so from what I read, it seems you’re pissed because: 
a) The code for the installers isn’t available (assuming that’s what you mean by UI), and b) That the client uses Google’s Geolocation Service (from your point of view) without permission.
Let me start by saying that in my opinion your claim regarding a) is 100% valid. In fact there are other people who’ve also asked for specific parts of the code that aren’t available — such as the OSX lock binary— and I’ve personally contacted them and sent every piece of code that was asked for.
I know that this doesn’t excuse us from having all the pieces of the code available and I agree that’s something we really need to work in — just as we also need to better the docs, fix bug requests quicker, and be more responsible to answer to suport requests as well.
As you may know, Prey was born as a beerware project by me, and to be truthful I never thought it would actually catch up. Originally I thought it as my “grain of sand” to the OSS community but reality hit me back. You’d never imagine the amount of time I spend *every single day* just to keep the servers running — eg. responding to requests, processing reports, etc. And I’m not talking about paying users (those are probably around 0.01%), I’m talking about users who don’t pay a dime but obviously expect the thing to work.
If I only could get my weekends back!
As for the server code, we haven’t released it because we’d never be able to provide any kind of support to people who wanted to install the thing on their own servers — we barely manage to provide support for users who want to track their PCs!
This, in fact, is something we’ve discussed plenty of times in the group. Take a look at this message, written more than a year ago:
http://groups.google.com/group/prey-security/browse_thread/thread/3353baf8419fe77d/024cac00ba60b979#024cac00ba60b979
Now, if there’s some client-related code (written by us) that’s not available I promise it will eventually be. In the meantime just ask for it and I’ll gladly send it over. In fact I plan to move all the repos from my personal Github account over to github.com/prey — just as we did with the Android source code — and in the process fill in all the missing gaps. This includes the licensing for all the public-domain or open source third-party stuff we’re using (the Debian guys helped a lot when building the .deb package).
Regarding claim b), as Tom pointed out in the thread the one that makes the request to Google’s Geolocation Service is the geo module (written in bash, fully available), not the Control Panel. I’m aware that Google Gears’ TOS claims that the API should be accessed via the native JS interface, however I’ve personally talked about this with a couple of folks at Google I know, and it was pretty clear to me that Google doesn’t bother about us using their — publicly available, might I say — HTTP service.
Anyway, Google Gears will be deprecated so in the near future we’ll probably switch to another location provider like Skyhook (who, in fact, has already asked us to use their service). 
I hope I clarified some of your doubts about our project, and I’m available for a chat any day if you want to. You seem to be a very clever guy and you’re more that invited to join the project if you want to. My skype username is ___ and by the way, I’m not chinese. :)
Cheers,Tom


Tomás Pollak
CEO, Fork Ltd.
forkhq.com

  1. corilla-marsh reblogged this from preyprojectissues
  2. preyprojectissues posted this