Trialware in the directory

Not really
A freemium works in its limited features - forever
A premium you can’t install without paying

I was initially of the same opinion, but a trial ware is really working full feature stack and then stops working

It’s not the same, and it makes us a lot of working to check their code how they check trial expiration (opt in communication to external server is a must) and after all as others have said it basically doesn’t even exist in plugin world
Thus I think we’d lose time for not much by thinking about how we can support this.
After all if someone wants to do trial ware they can also just do that on their site.

I don’t think we should support this (anymore, before I thought yay :rofl:)

1 Like

Shady is a subjective term :joy: But many do include backdoors and malware, that’s why it’s recommended not to buy or download them. That’s a different conversation though.

1 Like

It isn’t unethical in principle if it’s self-contained software of the sort @ozfiddler mentioned. But let’s give you a scenario that @anon66243189 has touched on, and you’ll see how potentially unethical a trialware plugin could be.

This plugin stores user data. The website owner decides not to keep the plugin at the end of the trial, and now that data is inaccessible (and, for all we know, has actually been lost or destroyed altogether, though it could equally well be sitting in a database somewhere). Now a user approaches the website owner and asks — in accordance with the law in many jurisdictions, including where you are, @Paul — for details of what personal data the website has about them. But the website owner can’t answer that, because they no longer have access to the plugin. They could point the user to the plugin developer, but it’s quite possible that there is no way for that developer to identify the relevant account.

So now we have a website that’s in breach of the law because of the design of the plugin. Think the user won’t do anything about it? Think again! Many of those queries are triggered by credit reports from Experian and the like, and so the user wants the issue addressed. So they complain to the jurisdiction’s Data Protection Registrar, and an investigation ensues. Has this happened? Oh, yes! The person who took over the Display Widgets plugin had this happen.

Do you think the investigating agency would not bother to investigate the place where the website owner got the plugin from? Certainly, if I were one of the Directors of the Initiative or a plugin reviewer or moderator, I would not be feeling too comfortable.

So, I agree with this:

1 Like

This literally happens every time you don’t pay for hosting. They suspend the entire thing, so you have no access to the database at all. It is eventually deleted.

We’re assuming users are not smart enough to understand what might happen if they stop paying for a plugin. We’re also making decisions for the user. Where do we stop? Do we ban a premium plugin because it did not honor a request for a refund? We’re making business decisions for the users. Why?

I do agree that GDPR and privacy laws need to be accounted for. So we can simply require all paid plugins, premium (some premium plugins limit functionality when not renewed) and trialware to not restrict access to any personal information they might interact with. For example, if a plugin is a trialware plugin that adds CRM functionality to CP when the trial expires or is canceled or renewed, any contact data should be available in read-only mode and integrate correctly with privacy tools built into CP. This is probably a requirement we should take for all plugins. They should correctly integrate with built-in privacy tools.

All in all, I think we shouldn’t make business decisions for our users (not our place) and we shouldn’t assume our users are not smart enough to understand what might happen when they don’t renew or pay for a service. Frankly, we will do more good by managing trialware plugins through our directory than letting users install them without getting the full picture. So we can technically help users by placing limits on trialware plugins and making them abide by our guidelines.

1 Like

It is intentional, because the developer had to code the check for whether to work or not. The code literally decides to work or not.
Now, since it has to be GPL compatible, the user could go in and change that code. But the trick is, do we want to promote this sort of limited functionality?
I would vote No, because I know how so many sites are left to run on their own and the trial period expiring between visits to the admin is super likely.
I agree that there is no benefit to anyone in this sort of code, and should be discouraged.

2 Likes

What’s WP’s stance on plugins that integrate third-party service and require a paid account? Without a paid account, they become useless and functionality does stop. So technically they could be considered trialware.

1 Like

Here’s the link for the guideline: https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#6-software-as-a-service-is-permitted
I would not consider that the same as trialware, because there is nothing in the code that decides if it works or not. A SaaS plugin provides an interface, but it doesn’t decide if the functionality is there or not.

1 Like

The only thing I’ll say here is that under GDPR regulations, the site owner is responsible and ultimately liable. They can point fingers, but the GPDR regulations are quite clear - the entity that is either the data controller or data processor is liable for the data breaches and they must be able to demonstrate steps that have been take to ensure data integrity and safety.

They are liable if they start a trial with a plugin that then stops working and whose data they can no longer access because of technical skills/constraints. If that puts a website of which they’re responsible for data control in breach of the law, the responsibility is their own.

I’m sure, given your examples, there are instances where people do point fingers, and that’s fine. But pointing fingers still doesn’t imply liability.

And as to the question of this scenario being “unethical”, I still don’t see. There’s nothing morally corrupt about providing a trial to someone who doesn’t have the technical wherewithall to handle when the trial lapses. I am of course referring to product that doesn’t brick/destory a site.

But, the question isn’t whether it’s unethical, the question is whether trialware is legitimate. I still believe it is, since it’s a variation on “premium”. Laying out worst-case or bad developer practices/scenarios doesn’t negate the fact that it’s still a premium product.

2 Likes

Absolutely. Assuming the plugin explained its trial period properly, then their decision to use it was an informed and deliberate one. If they end up in a mess, that’s on them. Any squeamishness about this is frankly nannying.

I know perfectly well that the site owner is liable. I also know that most site owners don’t know the law and won’t consider the implications of using trialware. I also know that the user whose details are compromised won’t care about the legal niceties, and that the regulatory agency will investigate everyone involved. That would include ClassicPress.

So this isn’t about “nannying”; ultimately, it’s about self-protection.

1 Like

Okay, so from what you’ve said there, the question you’re debating is less about ethics around trialware and whether or not it should be in the directory, and more to do with how much you want to protect yourself in case some regulatory body wants to start investigating parties related to software that someone runs on their site.

I can’t speak much to that. I guess that’s down to each person’s apetite to do business and provide services.

To me, ethics, law, and self-protection are intertwined. We will be blamed by users in such cases, and they (and the regulator) will ask how come we allowed it to happen. And it’s such an easy problem to avoid.

A post was split to a new topic: Trialware in the directory vote

Not to be political, but, #2 is exactly how US lawmakers do things: vote now to approve the measure and we’ll discuss how it all pans out later.

#1 for me.

I think the initial version of the directory should be limited to free plugins until we are ready to handle paid plugins reasonably.

2 Likes

I think we’re primarily discussing guidelines at this point, to ensure we have a solid foundation to rely on.

Currently it is a no vote from me. I have a Premium plugin and consider that I behave very ethically to my users in that the plugin will continue to operated fully past the license period expires. What they stop getting at that point is updated version of the code (they therefore accept the security and bug risk in exchange for keeping their money) and direct access to me for technical support (I’m more than happy to fully and rapidly support paying customers).

The risk of trial ware as a plugin has been described fully above, functionality terminating at the end of a trial period by design is all well and good on OS level platforms IMO, but not in a hosted web setting. The model there should be freemium, offer a basic set of functions and paid access to your flagship features rather than disabling features after a time period passes.

5 Likes

And I have just realised why I’ve never come across a trialware plugin. WordPress don’t allow them. I see no reason why ClassicPress should be any different.

https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#5-trialware-is-not-permitted

3 Likes

Why not have a section of the directory specifically for trialware/premium plugins, where they can pay a monthly fee to be listed?

1 Like

Free, freemium, and premium plugins are all allowed. We’re only talking here about trialware plugins that will stop functioning if users do not upgrade.

1 Like