I mean, the fact that it’s not properly protected doesn’t really give you the moral right if “don’t want to pay”.

If the author was that serious about this as a business they would've done it server side -- or better yet sold the unburdened source code at a one-time price.

If you are running someone else's code on your computer you are entitled to change it, morally. The fact that most other programs make this hard to meaningfully do is another problem.

This is why we can't have nice things

(Note: I don't know OP, and have never used their product)

A bit unfair of you to just plainly state how to circumvent their protection in the comments.

The name of this website is Hacker News.

That said it’d be unethical to use this to avoid paying.

There _is_ no protection. the source is publicly accessible.

The conditional in the code _is_ a protection. It is not fair of you to consider it non-existent just because _you_ can easily bypass it.

Using your argument, it would be fair to circumvent any protection as long as a specialist can trivially bypass it? Remember that 99% of internet users have no idea what "Show page source" actually does, much less what "javascript" is. You are the top 1 percentile power user here.

Arguably a lot of things are not strongly protected per se but rely on specialists not trying to actively trick the system, much less posting their techniques on public forums.

> Arguably a lot of things are not strongly protected per se but rely on specialists not trying to actively trick the system

If a system has a vulnerability, it is the system's fault, not the specialist's. I'm a bit sensitive to this line of argument because it and arguments like it have been used in the past to try and demonize the efforts of security researchers. However, I also believe we should have good norms around responsible disclosure.

> much less posting their techniques on public forums.

Perhaps it could've been more responsibly disclosed to the OP, agreed. However, the public internet is a public forum. OP posted his code there, and it was found. Any number of web crawlers have probably already found it. Not the least painful way to learn this lesson, but hopefully it was learned.

Upside to you is some karma points. Downside is harming their business, right there on the launch post. Why? Just quietly notify them offline.

“Business”? This is a weekend toy project, and good for them for trying to explore monetization as part of the exercise.

But reverse engineering the implementation, even trivially, is more intellectually interesting than the effort itself. It’s good content for HN and a really valuable beginner’s lesson for the author.

I appreciate the reveal. I come to HN to see things exactly like this. And if someone is going to “show HN”, well hacker is right in the title of the site so expect people are interested in that kind of thing so best take minimal steps to secure your stuff.

Eh, from the rest of the thread I don't think these 133t HN readers are the target audience anyway.