search
Carter Cole LinkedInCarters Twitter PageCarter Cole on Facebook Carter Coles RSS

Thursday, May 19, 2011

Sorezki SEO Plus stole its code from SEO Site Tools... and heres the proof

Roi Sorezki has contacted me and said that the code was copied by a developer and that the copied portions of code would be removed.

Imitation is the sincerest form of flattery... unless they are stealing your code

Hey there! I'm Carter Cole, the developer of the wildly popular SEO Site Tools Google chrome extension. It's currently boasting a little over 34,000 active users and it's my 2nd most pride and joy (I've got a son, Seth). My extension took a lot of hard work and time to create and today I found someone had stolen my work and reskinned it, calling it their own, adding only minimal changes to the ui and almost no functionality. As a kind of counter, to hopefully shame the person who stole my code, I'm going to run through all my code. How it works, the history of how I created it, then im going to show the copied UI elements and finally I'm going to show the copied code stolen from my extension.

Skip to copied code or Skip to copied UI (warning i kinda go on a rant to explain why I care so much about this little tool).

I like to think of my tool as the Borg of SEO tools. I first got the idea to build it when I heard SeoMoz had a free API. I hoped to create a 1 to 1 copy of the SeoMoz extension for Firefox as a Google Chrome extension and give it to SeoMoz to try and give credibility to get a job there and also to take credit for the chrome version. They didn't want to go for that and were going to keep it in-house but would help and give feedback. After my first prototype it felt like something was lacking. There were so many more data sources that the moz tool didnt show... So I downloaded every Firefox and chrome SEO Extension I could find and started sniffing the API calls they made (or scraped off serps, the best way to do this is with something like Fiddler). By combining only the metrics that really matter and adding in a few of my own ideas I had something awesome. Thats why I call it the Borg, it was made by replicating the best parts and as soon as another extension (in this case that was "Chrome SEO") created a new feature I would replicate (but not steal) the functionality and add it to my tool. I was doing almost weekly update and the user-base was growing like crazy. Then I got a new job and things stagnated. My extenstion is run on almost 10k pages a day and because of scope creep I've lost sight of my original goals and haven't made an update in months. I really need to block out time to make updates. My tool getting stolen has been a rude awakening that I need to get coding again. So enough about why this matters so much to me. I'll get into how they stole my tool.

Now, because of the nature of Google Chrome extensions (they are all just HTML and JavaScript) it's quite difficult to protect your source code so you expect it to be seen. Knowing this, I didn't even try to obfuscate the code because its pretty easy to reverse and if they really want the code they will get it. But there are some trade secrets you want to keep so you do them in a way that's not that hard to figure out but will trick a few. One of the problems I identified with SeoQuake (my closely following competitor) was that they only hit one Google datacenter, that caused there pagerank queries to look automated and thus get the violation of tos message. Google has tons of datacenters and I figured not all of them are telling each other who's asking for pagerank, so if we loop through all of them then we will have a kinda snowshoe that will let us make as many pagerank queries as we want without hitting those rate limiters. Cool, eh? Well, here they are, all the Google Datacenter IPs DWORD encoded to try and help hide what they were. They appear in my SEO Site Tool like this: and here is the stolen copy... on his server. Hmm, those kinda look the same... that's a little weird! But hey, I mean, that's just some regex and IP constants. There's nothing really magic in there right? Not so bad.
Then we look at the gwebtools.js. It's obfuscated on his server, where it's here gwebtools-remote.js but that packer is easily defeated by the JS Beautifyer and we find that its an exact copy. Except, he removed my branding logo.

OK, so there are giant portions of code that are copied from your tool and obfuscated on a remote server where he AJAXes it in to be evaled so none of the code he stole shows up in his tools file.

Here's how his eval function works executing my code... he ajaxes it in and executes it. I can keep showing example after example of copied function names and entire scripts that run different enhancements I wrote, but what made it so blatantly obvious that it was mine was the layout and display. I mean, it's all also copied. I even found a file they distributed with the extension called changesList.txt that had this in it. They took my code and just started Frankensteining it with their branding. But let's get to that stolen UI.
So, they actually AJAX in the HTML from my page from this url indexhtml-remote.html when the popup loads. I used the google chart API to make my link pie chart... heres theres (as blue).


They even copied the tooltip help stuff. I mean, it's like they didn't even care to try and hide it.


The way it shows the views of the elements is the same too, just some changes to my stylesheet is all it took.

Heres another example of exact copies of my tool compared to theirs (I'm showing theirs then mine).
...and here is my version: the original.

Same tools same copy same html table to resize the window... the function calls are the same all of it, along with the string tools (which were really added in there for me but i got some good ideas from ontolo tools so ill add those to the list of things to build)
Again im showing his copy and then my original...
Copy:
Original:

And finally, they copied all my automated SEO advice... something I actually hate to do because you get some users that fight to get all green and its not really the best use of their SEO time, but thats a whole different issue.

One more time... heres there copy:

...and the same exact results in the same order as my tool just different colors.


I've worked hard to create my tool and you have only begun to see the cool ideas I have planned. Hopefully I won't need to keep fighting my code being stolen, but I've worked too hard to see all my intellectual property stolen and do nothing about it.

I'm tired and wasted my night writing this whole rant. I just want credit for one of my best pieces of work, and if you want an SEO extension send me an email. I've built them for other firms and if the partner is right I see no reason why I wouldn't license the code out (the whole point is bragging rights and finding a way to make a little money), petty? I guess, but itss my code and I'm gonna fight to keep it.

1 remarks:

Post a Comment

Link to this post if you found it usefull

Sorezki SEO Plus stole its code from SEO Site Tools... and heres the proof