App abuses Twitter IDs to produce bogus piracy ‘confessions,’ including one from magician Teller

Enfour, maker of Oxford Deluxe, blames it all on a ‘bug’ … right, a bug.

Here's the apparent thought process of some genius or geniuses at software maker Enfour: We're so fed up with seeing our $55 Apple iOS dictionary app called Oxford Deluxe pirated that we're going to hoodwink people out of their Twitter credentials and then send impersonated tweets from their accounts that read like this one:

tweet

This vigilante tactic would be outrageous under any circumstances, but it's made all the worse in this case because Enfour's gotcha code - which the company is implausibly blaming on a "bug" -- apparently cannot tell the difference between software pirates and actual paying customers. It's also an obvious cautionary tale about trusting third-party apps that ask for your Twitter (or Facebook) credentials.

(Follow-up: Company's fuller apology comes up empty.)

The phony Twitter confessions began in conjunction with a Nov. 1 upgrade of Oxford Deluxe; they continue at a rate of about a dozen an hour as I type; and claimed as one victim the entertainer Teller, best known as the silent half of the magic act Penn & Teller. And while I cannot find the original "confession" tweet falsely purporting to be from Teller, he did send this disavowal of it only a few hours ago.

teller

Teller may be mystified -- and how's that for irony? - but one person who believes he has the dirty trick figured out is Andreas Odegard, who wrote on the website Pocketables about his being subjected to the false confession business:

So are we all software pirates? No. I still have the receipt email from August 18 2010 to prove that I paid the $50 for this app, as I do with all my apps. I have Installous, a jailbreak app for installing pirated apps, installed, but have only ever used it once: When Scanner Pro, which I also legally own, introduced a bug in the app that made the app stop working completely on my device. Installous lets you browse a list of available pirated versions of the app, which also means you can use it to go back to an older version of an app you legally own. This is otherwise impossible in iOS, unlike on Android.

I don't know if there's a relation there, but I assume so. If I were to guess, I assume the developer got tired of having the $50 app stolen, included a check for Installous, and simply forgot to actually add a method to see if the users had used it for the app in question. Whoops?

As for the software maker, Enfour, its spokeswoman has fielded a barrage of complaints on Twitter, where she has blamed the problem on "a glitch in our anti-piracy module" and noted that "piracy is a huge problem for everybody."

So, too, is identity impersonation.

denial

I've asked Enfour to elaborate on the "glitch" explanation.

And I've asked Apple if it will be taking any action against the company for abusing the Twitter credentials of its customers.

(Update: Jon Brodkin at Ars Technica notes that the "bug" infected not only Enfour's Oxford Deluxe product, but a host of the company's other offerings.)

(Update, Nov. 14: Company's fuller apology comes up empty.)

Welcome regulars and passersby. Here are a few more recent buzzblog items. And, if you’d like to receive Buzzblog via e-mail newsletter, here’s where to sign up. You can follow me on Twitter here and on Google+ here.

Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies