We have always been vocal supporters of WordPress and the broader WordPress community. A key reason for this is the power and importance of the GPL (General Public License). Software freedom matters. The ability to understand, adapt, and control what happens on your own systems is not just a technical issue, it is a fundamental principle that deserves protection.
Recently, we published an article that explained how to automatically accept the EULA introduced by the All-in-One WP Migration plugin. This popup, which appeared after a recent update, was applied retroactively to all admin users, not just new installations.
The article described how the plugin stores a simple database flag indicating EULA acceptance. We showed how users could set this flag themselves, which is equivalent to clicking the ‘Accept’ button manually. A small code snippet was included, which could be added to a utility plugin or run through tools such as MainWP. This was not an attempt to bypass licence enforcement but a convenience mechanism for users managing their own WordPress sites.
Shortly after publishing the article and its accompanying video, we received an email from a representative of ServMask. While we have chosen not to name the individual, the nature of the message went beyond a simple copyright concern. It asserted that our content was unethical, possibly unlawful, and requested immediate removal under the threat of DMCA and legal action.
To be clear, the only valid concern raised was that our test video inadvertently exposed a licence key. This was unintentional. The installation was temporary and the database had been discarded before the video was published. Nonetheless, we took the video down immediately and planned to re-upload a version with the key removed. Had the correspondence ended there, this issue would have been quickly resolved.
However, the rest of the email alleged that we had bypassed their licence system and breached anti-circumvention laws. We disagreed, and responded with the following key points:
- The content does not bypass access controls or remote validation systems. It shows how to set a local flag in the user’s own database, a flag the plugin itself sets when the ‘Accept’ button is clicked.
- The plugin is GPL licensed, which permits users to inspect, modify, and redistribute the code. The action described falls within the freedoms protected by the GPL.
- Our article includes minimal code, provided only to support technical explanation, and qualifies as fair dealing under UK copyright law.
- The claim that we accessed protected systems is incorrect. The article does not discuss or affect any system outside of the user’s own WordPress installation.
- Finally, identifying us via a visible licence key and using that to issue threats raises potential concerns under the UK GDPR, which prohibits unauthorised use of personal data.
We made our position clear and hoped the matter would rest there. Unfortunately, ServMask escalated by submitting a formal DMCA takedown request to our hosting provider. As we anticipated, this request repeated the same unfounded allegations and invoked US-specific legislation such as the DMCA and CFAA.
To clarify: we are a UK-based company, hosted on UK servers, and our content is created, published, and maintained under the legal jurisdiction of England and Wales. The DMCA and CFAA are US laws and do not apply here. UK copyright law governs this situation, and under that framework, our article is lawful.
We have submitted a full rebuttal to our host, outlining the legal and technical basis for our content. The final decision rests with them, but we are already preparing contingency plans to republish that content elsewhere if necessary. We are please to say for now our host is happy to continue to host the article.
We do not take this step lightly, but we believe this is an important fight. At its core, this is not just about a single plugin or a single article. It is about defending the right of users to control the software they run, to speak openly about how it works, and to challenge attempts to retroactively impose restrictions not present in the original licence.
This kind of pressure tactic has no place in the open-source community.
Email from Servmask:
I came across your recent YouTube video and accompanying article:
- https://www.youtube.com/watch?v=nthItw1lqpM
- https://techarticles.co.uk/all-in-one-migration-unlimited-extension-eula-popup/
Both clearly show how to bypass the licensing and EULA prompt of our plugin, which constitutes circumvention of a legitimate license enforcement mechanism. This is both unethical and potentially a violation of copyright and anti-circumvention laws.
I’m reaching out to ask that you take both the video and article down immediately and refrain from sharing similar content in the future. I’d prefer to resolve this informally, without escalating to legal or DMCA action.
Also, your personal license key is visible in the video, which is how I was able to identify and contact you.
Please confirm within the next 48 hours whether the content will be removed.
Our Reply to Servmask
Thank you for your email and for bringing the licensing concern to my attention.
Firstly, I want to clarify that any exposure of a licence key in the video was entirely unintentional. I’ve removed the video for now and intend to re-upload it with the key and relevant portions edited out. I had not expected the key to be stored in the database, given it appears to be hard-coded in the plugin files.
With respect to your claim that my video and article “bypass licensing,” I must respectfully disagree. The content demonstrates how to simulate the manual acceptance of a EULA prompt within the plugin’s interface. It does not alter, circumvent, or crack any licensing enforcement mechanism. This is functionally equivalent to a user clicking an “Accept” button themselves something fully within the scope of GPL freedoms.
Under the GNU General Public License (GPL), users are explicitly granted the right to inspect, modify, and share software code. The portion of code demonstrated in the video and article is covered by this license. Furthermore, any snippets shown are either authored by me or minimal excerpts used under UK fair use provisions for criticism, review, or educational purposes, as outlined by the UK Intellectual Property Office (source). It is also well within the licence terms.
Your suggestion that this content violates copyright, EULA terms, or anti-circumvention laws does not appear to be supported by the facts or legal standards applicable in the UK. The plugin in question is released under the GPL, and no proprietary, encrypted, or access-restricted systems were circumvented.
You also mentioned identifying me via my license key, please note that using personal data in this way without a lawful basis could constitute a breach of the UK GDPR. I’d encourage your team to review this carefully.
While I appreciate your preference for resolving this informally, I must reiterate that there is no infringement taking place. Any DMCA notice issued against this content would be, in my view, a misuse of that process, and I would contest it accordingly.
Lastly, I strongly disagree with your characterisation of the content as unethical. On the contrary, it includes a clear disclaimer encouraging users to understand and respect the EULA. I believe this type of critical examination is entirely legitimate and in the spirit of open-source licensing.
For transparency, I intend to publish both your email and my reply. This issue touches on broader concerns around GPL rights, fair use, and responsible plugin behaviour particularly regarding forced prompts that affect user experience.
Reply from ServMask
Thank you for your message.
What Happened Next?
As expected, even after we clearly explained the legal and technical justification for the article, ServMask submitted a DMCA takedown request to our hosting provider. The tone of the original email had already suggested this was likely.
To be clear, our host will ultimately decide how to respond. We have laid out our legal and technical position in full, and they are currently reviewing it.
We have deliberately chosen to host our site in the UK with an EU-based provider. This is not accidental. We have concerns about the way DMCA takedowns are routinely misused, often bypassing due process and presuming guilt. As a UK limited company operating under the legal jurisdiction of England and Wales, our content complies fully with UK law.
Regardless of our host’s decision, we are preparing to republish this content through alternate means, as we believe we are legally entitled to do.
The DMCA Notice:
I am writing to file an urgent takedown notice regarding content hosted on your servers that violates both the Digital Millennium Copyright Act (DMCA) Section 1201 and potentially the Computer Fraud and Abuse Act (CFAA) by instructing users to circumvent security measures and access our systems without authorization. Infringing URL: https://techarticles.co.uk/all-in-one-migration-unlimited-extension-eula-popup/ Copyright Owner Information: ServMask Inc. XXXXXXXXXXXX XXXX 16192 Coastal Highway, Lewes, DE 19958 USA legal@servmask.com Description of Protected System: All-in-One WP Migration Unlimited Extension employs a multi-layered security and authentication system that controls access to our copyrighted software through: – Cryptographic authentication tokens (nonces and secret keys) – User permission verification systems – Audit logging mechanisms tracking user identity, timestamps, and version control – Server communication protocols for license validation Violations: 1. DMCA Section 1201 Violation – Circumvention of Technological Measures The article provides specific code to circumvent our access control system, bypassing all security checks and authentication mechanisms designed to protect our copyrighted work. 2. CFAA Violation – Exceeding Authorized Access The article instructs users to: – Bypass authentication systems without proper credentials – Manipulate database values to gain unauthorized access – Circumvent security measures that track and validate user authorization – Avoid audit logging that records legitimate access This constitutes instructions for exceeding authorized access to a protected computer system under 18 U.S.C. § 1030. Specific Harm: The circumvention method: – Destroys audit trails required for legal compliance – Prevents license validation with our servers – Enables unauthorized use of our software – Compromises our ability to enforce licensing terms Good Faith Statement: I have a good faith belief that the distribution of circumvention instructions is not authorized by law and violates both the DMCA and potentially the CFAA. Accuracy Statement: I swear, under penalty of perjury, that the information in this notification is accurate and that I am authorized to act on behalf of ServMask Inc. Request for Immediate Action: Given the serious nature of these violations, we request immediate removal of the infringing content to prevent further unauthorized access to our systems and circumvention of our security measures. Electronic Signature: XXX June 22, 2025
Narrative:
We want to provide some additional context around the DMCA notice. Based on our review of the claims, we find it difficult to believe that this notice accurately reflects either the legal position or a good-faith interpretation of the situation. The reference to the U.S. Computer Fraud and Abuse Act (CFAA) is particularly questionable, as the actions described in our article concern data within a user’s own self-hosted WordPress installation something entirely outside ServMask’s control or jurisdiction.
For transparency, we have chosen to redact the name and job title of the individual who submitted the notice. This is not about targeting a person, but rather addressing what we believe is a clear example of corporate overreach.
Our reply to the DMCA
I am writing in response to the takedown request submitted by ServMask Inc., which alleges violations of the DMCA Section 1201 and the U.S. Computer Fraud and Abuse Act (CFAA) in relation to content hosted on my website:
URL: https://techarticles.co.uk/all-in-one-migration-unlimited-extension-eula-popup/
After carefully reviewing the claims made in their notice, I must respectfully contest its validity on the following legal and factual grounds:
1. The Article Does Not Circumvent Access Controls or Security Systems
The article simply explains how a WordPress plugin stores a licence acceptance flag in a local database and describes how a user, on their own self-hosted installation, can toggle that flag manually. This is technically identical to clicking an “Accept” button within the user interface.
No cryptographic checks, remote validation, or server-side enforcement mechanisms are bypassed. The plugin’s external licence validation continues to operate as intended. At no point does the article instruct users to access ServMask servers or other third party systems. It deals solely with a locally-hosted WordPress database under the user’s control.
2. GPL Licence Explicitly Permits Modification
The software discussed is distributed under the GNU General Public License (GPL), which explicitly permits users to inspect, modify, and redistribute code even in ways that change functionality. Any suggestion that this violates the software’s licence terms is directly contradicted by the terms of the GPL itself.
Furthermore, users modifying a plugin running on their own infrastructure are not accessing a third-party system. The CFAA, a US law, is aimed at unauthorised access to external or protected systems. It does not apply to private modifications of software on one’s own server.
3. Fair Dealing and Educational Intent
The article is written for the purpose of education and commentary. It does not redistribute or republish ServMask’s software. Any code excerpts included are minimal and solely for illustrative purposes fully in line with the UK’s “fair dealing” exception for criticism and review, and likely fair use under US copyright law if relevant.
4. The CFAA Is Not Applicable
The CFAA (18 U.S.C. § 1030) addresses unauthorised access to external systems. The article does not encourage or enable such access. It solely covers modifications to a local WordPress installation on a server owned and operated by the end user.
No access to ServMask’s systems is involved at any point, and no remote authentication or validation is bypassed.
5. Potential Abuse of the DMCA Process
The takedown notice appears to mischaracterise both the technical content of the article and the applicable legal standards. It seems intended to suppress lawful discussion of GPL-covered software, which raises concerns of bad faith.
Please also be aware that under 17 U.S.C. § 512(f), knowingly misrepresenting claims in a DMCA notice can result in liability for damages.
Conclusion
In summary:
- The article is lawful under the GPL and UK copyright law
- No protected systems are accessed
- No unlawful circumvention has occurred
- The content is educational, accurate, and user-focused
I respectfully request that you decline this takedown. There is nothing in the article that violates the DMCA, the CFAA, or UK law. No attempt is made to manipulate any external systems. I am a UK-based publisher and all content falls well within both UK and international legal norms.
To further support this, I have uploaded the original, unlisted video associated with the article, which clearly shows a WordPress instance modifying a value in its own database, operating within the end user’s hosting environment:
Video Link: Removed
Additionally, reviewing the article’s source and the controller.txt file will show how little code is included. It is only enough to support technical explanation clearly within fair use and consistent with GPL freedoms. The database flag being referenced is the same one that is created when the user manually clicks “accept”.
Ongoing Updates:
We will continue to provide updates on this situation as it develops. We remain committed to standing up for software freedom and ensuring that lawful, GPL compliant content remains accessible. If any actions are taken by our host, we will document them here and outline our next steps. This article, and the principles it stands for, will remain available in some form regardless of the outcome.
Invitation to Respond
In the spirit of open and honest dialogue, we invite ServMask to respond publicly if they wish to clarify their position or provide further comment. We are happy to publish a reply in full, unedited, alongside this article.
We believe that open-source thrives on transparency and discussion, and we welcome differing views presented in good faith.
At the time of publication even though they have been given a full copy of this article in advance of publishing they have not issued a reply beyond “Please direct all further correspondence on this matter to legal@servmask.com” if this changes we will update the article as promised.
Additional consequence of the article
Since the video and article have been published they seem to have cancelled my personal licence as can be seen below:
I have emailed Support and Legal to restore my licence, there has been no response so it is my intention to fork this plugin as the GPL licence allows me too, I have been forced to do so by there actions and the fact they haven’t restored my licence.
