> publicly calling out the behavior
> I’m still holding off on naming the company directly
Does not compute. Why not name them?
> Does not compute. Why not name them?
Legal risk. If the company decides to be a litigious prick about being named & shamed they might not win, but before losing they'll cost the product owner a pile of time and, at least temporarily, money.
Stating the errant company's industry and size gives us plenty of information to make an educated guess, without actually stating the name. I suspect that this action blocks any useful future relationship as much as direct naming would, so that risk has been taken, but I also assume that no such beneficial relationship was likely to happen anyway so doing this is worth it to get the publicity, both through the story and perhaps a little cheeky marketing down the road (“as used extensively by the famous company we won't name, but you can guess”).
One thing I would definitely do at this point, now the company knows they have been detected, is to try¹ to make sure all support for that company is on the lowest priority possible. Absolute minimum response time 24 hours. 24 working hours, especially if the issue seems urgent to them. No responses beyond automated ones outside of normal business hours. Never try to guess: any missing information in a support query gets queried and the subsequent clarifying responses are subject to the same 24+ working hour latency. If anyone tries the “we are a big company, you should prioritise this” thing, respond with “With an email address like that? Yeah, nah.” or more directly “We know, a big company who knows it is massively in breach of our licence, and yet we are still generously responding to you at all.”.
------
[1] They may of course have/find crafty ways to get around this too, but if they are determined to avoid doing the right thing at least make them work to avoid doing the right thing!
Sounds a lot like it is BlackSky NYSE: BKSY
https://www.businesswire.com/news/home/20250508909866/en/Bla...
Because as long as they don't name them, there's still a chance they'll pay up or self-host. As soon as they do name them, any chance of a meaningful business relationship will disappear.
Did you read how much work these people put into not paying? I think that ship has sailed long ago.
Because this is almost always just the fault of some low-level engineer trying to save some time rather than some systemic issue at the heart of the company.
The company will just apologise and the CEO will make sure to tell everyone they know never to deal with this vendor ever again. IT is a very small world and reputations last a long time.
By declaring, but not acting yet, the OP gives the company an out, and allows a potential payday to come. After all, everybody is after money. Any action which seems strange or wild, when considered from the POV of making money, would start to make sense.
Because they could sue you. Even if the suit is baseless it’ll cost a lot to defend, and you might accidentally give them some basis in the process.
This doesn’t make sense as a risk… can’t anyone in the US already sue anyone else whenever?
Yes but the company in question has no motive to sue. They aren't named and any lawsuit would be completely fraught and easily dismissed. On top of that, they would be revealing themselves by suing. It gets more complicated if they are named and now have an actual reason.
Lawsuits aren’t fun.
Aren't they? I sued a huge multinational company years ago, as an individual. People predicted the apocalypse. I won. It was lots of fun.
(It was in France so the lawyers' fees weren't what they are in the US. But the way people advised me not to sue, was very similar.)