3rd party sites have been selling my software without my knowledge, and that’s perfectly fine

Anyone who writes software within the confines liberties of the GPL has more than likely at some stage in their careers discovered that their products have been appropriated in ways they may have never expected.

Today I discovered that several websites have been selling my products “nulled” (as it’s known) with the license technology stripped out. This is actually their entire business model, I found out, as I was chatting with a support person today who was very open and candid about it. She also agreed, to her credit, that they were taking liberties beyond what they were entitled to and that she would be happy to rectify the situation. More on that subject further in.

To anyone unfamiliar with the GPL (General Public License) arrangement, this will immediately seem outrageous. When I told my wife and kids this evening they were absolutely shocked, stunned and began making all manner of reasonable suggestions.

But the truth is, the website in question is allowed to take my GPL software (and yours), repurpose it in any way they see fit, and sell it for their own financial gain. This is one of the fundamental liberties of the GPL (I’ve written about this subject before).

From the outside looking in it can be hard to understand why anyone would want to work in such an ecosystem. The first thing that usually comes to mind is “So someone can just download your software once and just share it with everyone and you wouldn’t be able to make any money from it?”. That’s a valid question, and developers who work within the GPL system will usually give you the same response: “Paying customers are not paying for the software, they’re actually paying for support, updates and improvements”.

And that’s the key difference.

If there’s a problem with any of my products, or a customer can’t get something to work properly, or they have any other questions related to the product they have purchased, I am there to get hands-on and sort things out. Additionally, products are continually improved and tested for compatibility in an everchanging technical landscape, providing peace of mind for the users who rely on them.

But for anyone who purchased my software through unofficial channels, they’re on their own. Said unofficial channels do not offer support for my products or any body else’s they sell, they do not update it, do not improve it or add requested features, and absolutely will not come to you aid to help you troubleshoot an issue you’re having with your website while using the plugin.

If one of those ‘illegitimate’ users came to me for support, the first thing I will do is request they login with their Rocket Apps account (which only real Rocket Apps customers will have) and log a support ticket from the support page.

Checkmate.

And that is the primary way that developers who sell software in the GPL universe survive.

Taking Unreasonable Liberties With The GPL

So while I don’t take issue with anyone profiting from software I have created, what I do take issue with is blatant content theft.

The GPL only extends to the actual code, and does not allow using any original images or text you have created for the product (unless you specifically mention in the license that you’re cool with it). But in this case, the website in question not only copy and pasted all my text and images verbatim, they even hot-linked all the images.

This means a couple of things. First, much of the documentation they stole will become stale over time (unless they continually come back to get updated copies).

Second and more importantly, stealing my original images and artwork (also protected by copyright law) by hot-linking is not cool, and consequently steals my bandwidth and resources. I actually thought my web host had hotlink protection already enabled, but that wasn’t the case (that’s been rectified now). In any event, just because someone makes it easy for you to steal something, doesn’t mean you have the right to do so.

Likewise, using the same product name will fall outside the scope of the GPL if you have a valid trademark, and is actionable by law if you wanted to take it that far.

Full Recourse

So what can you do? In my case the options are limited. I’ve reached out through their contact form and kindly asked that they remove all my original images and text from their website. Sure, they can sell my software and undercut my own prices, but I don’t have to make it easy for them to steal my content.

When you consider their business model, I’d like to think they are well versed in all things GPL, and I have absolutely not doubt in my mind that they are fully aware stealing images and content falls outside the legal scope. So I guess they just hope nobody notices, and happily comply when the original developer makes some noise. What is that old saying? It’s better to ask for forgiveness than ask for permission.

So far it looks like they have made a start in honouring this request, but I will check back to see if they follow through.

Why it doesn’t bother me

Any developer who works in the WordPress space has probably faced this situation at some point. I first experienced this several years ago when Task Rocket and associated add-ons were still a thing, and my first reaction was of pure annoyance and frustration to see them selling my products for only a fraction of the original asking price.

But after a while, I realised those feelings were unfounded. First there’s the whole GPL thing which makes their actions perfectly legal. This is part of the game we partake.

The second and most important reason, is that customers of those other websites were never going to be Rocket Apps customers anyway. Those users sought out Rocket Apps products on 3rd party sites for cheap specifically because they felt the original price was too high. And I absolutely don’t begrudge anyone who isn’t comfortable spending more than they can afford.

Going by this logic, those customers couldn’t take any income from me if they weren’t going to buy from me in the first place.

You are taking a huge risk buying nulled plugins

Reality check: a lot of nulled plugins are loaded with malware, backdoors and who knows what else. It absolutely, 100% doesn’t matter if they claim ‘no malware’ on their website, because you have no way of knowing if it’s true.

I’ve been in this line of work for 25+ years and have seen my fair share of scary stuff, including malware in WordPress plugins that silently:

• Changes admin login credentials and emails it to a random attacker.
• Hijacks ecommerce payments and gains access to payment provider accounts (PayPal, Stripe etc).
• Sends spam from the server, affecting the domain reputation (and slowing down the site).
• Alters content and injects ‘undesirable’ adverts.
• Disables security plugins.
• Creates a backdoor for ongoing access.
• Downloads more malware.

Unless you’re reading through every single line of a nulled plugin’s code (let’s face it, you aren’t), you can never be certain it isn’t doing something shady in the background. And by the time you realise something’s off, the damage is already done.

Is it worth the risk to save a few bucks?

Of course not.

That being said, I understand some people might think some of my plugins are too expensive, and I’m not one to argue something as subjective.

If you’re one of those people, and you really want to use one but don’t want to risk acquiring it ‘on the cheap’ though unofficial channels, I’m always happy to work out an arrangement.

Let’s talk.

More Articles