topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday March 18, 2024, 9:34 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: What the hell is OpenCandy?  (Read 361553 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #200 on: March 09, 2011, 04:01 PM »
Just out of curiosity: are you going to state right up front on your download and product info pages that it contains OpenCandy, identify it as an adware application, and say that if you don't want to install it you'll need to explicitly tell it not to? and that tracking software may remain on their machine even if they later "uninstall" it.

Or are you going to let them find out about it after they download and start installing like it seems everybody who is including it does?

Well 40hz, I didn't see you warn me (us?) that the article you linked to was on a page
a) full of ads
b) which used at least 1 type of tracking mechanism
c) left behind files on my PC (numerous cookies, at least two of which were for tracking my browsing habits) even after I browsed away from the page.

That article, was every bit as evil as people seem to claim OC is.

Funny. That didn't happen to me. I have a cookie and ad blocker installed on my machine.

But apparently this discussion is getting you upset. So tell you what. Let's just forget it. Ok? :)

-----

P.S. Perhaps I didn't warn you because I didn't know? It isn't my webpage. Which is a bit different than somebody who signs on with OC and does know what it does. Or at least I assume they would before they started deploying it.

« Last Edit: March 09, 2011, 04:07 PM by 40hz »

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #201 on: March 09, 2011, 04:18 PM »
40hz, no I'm not upset, I just never understood why people seem so angry at OpenCandy and yet turn a blind eye to, or at least don't seem to care that much about, others which do the same, and often worse.

I'm not saying I think what OC does is fine and dandy, I'm asking why are people singling it out?

And again, I'm really not upset, not in the slightest. Also I know you didn't write the article, nor is it your site. But I just couldn't let slide the irony of an article complaining about OC while at the same time carrying out all the same evils, discovering that bit of hypocrisy pretty much made my day :)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #202 on: March 09, 2011, 05:03 PM »
The paranoia which surround OpenCandy astonishes me. I find the DLL related freak-outs particularly funny, seems as if people think a DLL sitting on your harddrive is more dangerous than a txt file? Which by the way, in terms of security/vulnerability issues, it's not!
I've yet to hear of a text-file exploit, but it's not outside the realm of possibilities that an exploit could be found in the Portable Executable parser somewhere, that could trigger during explorer icon-extraction, an anti-malware program scanning the file, etc :)
- carpe noctem

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #203 on: March 09, 2011, 05:12 PM »
True, true. Maybe I should have compared the DLL to an image or document file, PDF exploits anyone 8)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #204 on: March 09, 2011, 05:14 PM »
It seems like a lot of FUD, because there's a resistance to anyone monetizing software through ads.  A bad state of things, as I think there's a right way, and a wrong way, and it should be a legitimate way to monetize software development.

Might want to read the article I linked to before you assume it's FUD. OC does not do things the way most "monetizing" add-in software does. And the guys operating the freeware review site I mentioned aren't Nervous-Nellie sensationalist type bloggers either.

There's a legitimate concern surrounding OC in particular - which has nothing to do with software authors wanting to make some money from their efforts. So let's focus on this specific software and not get sidetracked.

I did read the article- now when you linked, and before when App first published it.  It does have points, and does give useful information.  But a lot of the rampant almost fanatical negativity was, and still is FUD.  Not in an intentionally negative way, but certain inflammatory terms used automatically trigger certain responses in readers, and at that point rational discussion of the salient points go out of the window in a lot of cases.

However, why people who are looking for sales don't just release their app as trialware will always be a mystery to me. Unless, of course, it's because the market has made it clear it doesn't consider the app worth paying for to begin with - hence the author's need to "monetize" as opposed to sell it.

Note too that Microsoft is flagging OC as adware/spyware. And nobody is more committed to the concept of having people pay to use software than they are. Draw whatever conclusions you will from that. But I don't think FUD can legitimately be one of them.
 :)

Because there's always more than one way to monetize anything, and looking at only one revenue stream as the source of income for your application will put you at a disadvantage from the start?  For some applications, this seems like a better way to take advantage of revenue streams than charging for them- perhaps because while the app is worth the money, the sector it's target at isn't one that's easy to break into/willing to pay for software?  Or a myriad of other reasons...
« Last Edit: March 09, 2011, 05:18 PM by wraith808 »

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,522
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #205 on: March 09, 2011, 05:32 PM »
Just out of curiosity: are you going to state right up front on your download and product info pages that it contains OpenCandy, identify it as an adware application, and say that if you don't want to install it you'll need to explicitly tell it not to? and that tracking software may remain on their machine even if they later "uninstall" it.

Or are you going to let them find out about it after they download and start installing like it seems everybody who is including it does?

Well 40hz, I didn't see you warn me (us?) that the article you linked to was on a page
a) full of ads
b) which used at least 1 type of tracking mechanism
c) left behind files on my PC (numerous cookies, at least two of which were for tracking my browsing habits) even after I browsed away from the page.

That article, was every bit as evil as people seem to claim OC is.

Funny. That didn't happen to me. I have a cookie and ad blocker installed on my machine.

But apparently this discussion is getting you upset. So tell you what. Let's just forget it. Ok? :)

-----

P.S. Perhaps I didn't warn you because I didn't know? It isn't my webpage. Which is a bit different than somebody who signs on with OC and does know what it does. Or at least I assume they would before they started deploying it.


That's app's blog you linked to.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #206 on: March 09, 2011, 05:37 PM »
^ I respectfully submit if you're incorporating OC into your software in order to monetize it, then you aren't selling your software. You're working for OC, and helping them deploy their data harvesting client* software by using your own software product as wrapping paper.  

Maybe it's different now. But when I went to management school, I was taught your real customer is the person who pays you, not the person who's name and address are on the shipping tag.

I have no objection to anybody doing that if they're comfortable with it. (My reservations are with OC.)  But that's not the same thing as successfully marketing your own product.

Just my 2¢
 :)

-------------
*Note: Renegade is disputing the accuracy of my calling OC a "data harvesting client." (See below.) Since he is in the process of signing on with OC, has carefully researched it, and has promised to get us squared away on what it is and how it really works, I've switched my original wording to the more generic term 'software.'

@Renegade - You have the floor, Sir! :up:

« Last Edit: March 09, 2011, 07:31 PM by 40hz »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #207 on: March 09, 2011, 06:06 PM »
Just out of curiosity: are you going to state right up front on your download and product info pages that it contains OpenCandy, identify it as an adware application, and say that if you don't want to install it you'll need to explicitly tell it not to? and that tracking software may remain on their machine even if they later "uninstall" it.


This is one of the things I hate about trying to make a living in software. The moment you try something on the desktop, no matter how above board you are, people dump on you for getting into bed with the Devil and spawning the Antichrist. Sigh...

Mind you, people seems to be perfectly fine with serving ads in mobile applications and web applications. All animals are created equal, but some are more equal than others...

No. I'm most certainly NOT going to identify it as adware because it isn't adware. The installer displays offers that people can accept or reject.

Adware got a bad name (and rightfully so) because software would install other software (the actual adware program)that would pop up ads at any time -- the installed software's sole purpose was to pop up ads on the desktop. OpenCandy does not do that at all.

It's kind of like accusing the Pope of being in the KKK because he's got a big pointy white hat.

There is no tracking software installed either.

OpenCandy scans for previously installed versions of software that it has to offer. If it detects it, it doesn't offer it. Why would it? You already have it. That only makes sense. Being intelligent doesn't make you bad.


Or are you going to let them find out about it after they download and start installing like it seems everybody who is including it does?


Actually, no. See here:

Opening up software business for complete transparency

My plan is to open up as much as possible. I'm still thinking about how to do that, and what to make public, but for revenue methods I will be putting out explicit information about that.

I'm thinking about a short "How is this free" or "Why is this free" section on product pages with a longer entry in the FAQ, then links to http://cynic.me/ articles that go into extreme depth about EXACTLY what is going on.


I'm not trying to sound hostile. I've got nothing but respect for you. It's just everybody using OpenCandy seems to almost go out of their way to hide its presence as much as possible from what I've seen. Makes me wonder if there's something in OC's license or in some policy or recommendation that suggests or requires a 'stealth' approach.  :)


I never had ads on any of the sites I run/ran (excpet for a brief run at http://renegademinds.com/ on a few pages that I removed). I hate ads. But, putting food on the table and paying bills in more important than my loathing of ads.

I've checked into OpenCandy probably a lot deeper than most people here. I have not found anything suspicious or anything that would make me think that they are one of the bad guys.

I've emailed with them a fair bit and brought up the Windows Defender issue. (Speaking of...)



I'm not smart enough to know if OC is a threat or not.
That's why I have security programs that detect threats.

http://www.opencandy...soft-adware-debacle/

Is a poor attempt at some kind of explanation. IMO.
And minimizing their own problems.
Blaming MS Defender, well Nod32 found it too.
So it's not MS at fault, but OC's changes that got caught.
And now they back peddle.....

(Avast does not flag it.)

In an email I wrote:

After I’d filled out the contact form at the OpenCandy site, I downloaded the Publisher SDK and got a Windows Defender warning. (Screenshot attached.) I am not certain about whether this will be a problem going forward as it appears rather recent. The MS site has OpenCandy flagged only starting in February this year.
 
http://www.microsoft...&threatid=159633

I was in the middle of reading the CEO's blog post about that when he emailed me back with the link.

I said:

Thanks for the link. I’d already followed links from Andrew here:
 
https://www.donation....msg179472#msg179472
 
And was in the middle of reading it. :)
 
And I’ve been there as well with false positives… It’s frustrating in the extreme.

He wrote back:

Yeah, false positives suck. Particularly when it's a large company like MS that doesn't have any concrete way to rectify it. It also sucks when your largest advertising partner (Bing) is calling you adware. It's kooky.


NOW...

How many people here have been caught with a false positive? I have. It sucks. It's painful. It's extremely damaging because the security SCAREWARE industry has no vested interest in truth. They have a vested interest in peddling their products, and that means they have a vested interest in FEAR.

The missing EULA is entirely believable. It happens. Flagging the entire process as adware is extreme though. Should OC have caught it? Yes. Did they? Obviously not. But guess what? The new SDK has that check automatically built in to prevent that sort of thing in the future.

What does this sound like to me?



Just like that.


They are funded by (from their website http://www.opencandy.com/company/ ):

We’re backed by awesome investors like Google Ventures, Bessemer Venture Partners, O’Reilly AlphaTech Ventures, Reid Hoffman and Jordan Greenhall who have joined us on this mission to revitalize the software community.


I'm not going into this blind, but I'm not going to simply accept that OpenCandy is adware (which I would never put in any of my software) when there is zero evidence for it.


I will post back about it later though once I have everything deployed and have more information. I'll be posting (as mentioned above) to http://cynic.me/ with in-depth information about different aspects of the software and business.






Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #208 on: March 09, 2011, 06:08 PM »
...helping them deploy their data harvesting client... 

That is not what it does. You are misinformed.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #209 on: March 09, 2011, 06:37 PM »
...helping them deploy their data harvesting client...  

That is not what it does. You are misinformed.

Ok. Fair enough. Nobody said I was infallible. Not even me.

(Also switched the wording on my post above to accommodate your objection.)

Now could you please explain it to me so I won't be "misinformed" any more? I'm always willing to listen and accept correction. But I'm also not much of a coder so please don't get annoyed if I ask a lot of dumb questions afterwards. Ok?:)

So...starting with the OC thingy itself - who decides how it gets installed? Is it the same in every situation (it's not according to Microsoft BTW) or does each developer get to decide how it will work from a group of ...dunno...options?...deals?...revenue programs?

And if it does, does the choice of options determine the amount OC pays the developer?

 :)

P.S. No need to shout or get super creative with the font attributes. We're all listening to you even if we won't always agree. This is DC. We can be passionate about something without getting pissed off about it.

(Loved the Monty Python clip BTW. One of my favorite movies, although I thought the Holy Hand-grenade of Antioch scene was the best one. ;D)

 :Thmbsup:
« Last Edit: March 09, 2011, 07:34 PM by 40hz »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #210 on: March 09, 2011, 07:00 PM »

I never had ads on any of the sites I run/ran (excpet for a brief run at http://renegademinds.com/ on a few pages that I removed). I hate ads. But, putting food on the table and paying bills in more important than my loathing of ads.

Understand.

I've switched careers twice because being responsible and paying back money I owed was more important to me than doing what I really wanted to do.

In my case, I compromised by doing something I was good at (and didn't mind doing) which paid well - instead of something I was really good at (and that I very much wanted to do) which didn't.

Too bad I couldn't get people to pay me enough, soon enough, to do what I wanted to do with my life. C'est la vie. ;D

I'll find a way to get back to it some day.  :-*

Or not.

No complaints. No regrets.

Onward! :Thmbsup:

« Last Edit: March 09, 2011, 07:11 PM by 40hz »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #211 on: March 09, 2011, 07:17 PM »
Good op-ed piece which includes an eye-opening list of major apps known to include OpenCandy. Link here.


That my blog.  :D

Well 40hz, I didn't see you warn me (us?) that the article you linked to was on a page
a) full of ads
b) which used at least 1 type of tracking mechanism
c) left behind files on my PC (numerous cookies, at least two of which were for tracking my browsing habits) even after I browsed away from the page.

That article, was every bit as evil as people seem to claim OC is.

Sorry you feel that way but it's trivial to either set your browser to not accept 3rd party cookies (which I think is the default setting in most browsers) or to clear your cookies (one click of a button)...or use an ad blocker...or use noscript. At least one of these can be easily handled by even less experienced users.

I don't recommend an inexperienced user to muck around in their registry trying to remove OC entries that serve as permanent tracking cookies, though.


40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #212 on: March 09, 2011, 07:36 PM »

That my blog.


Cool. I liked it. (Even if some people think it's "evil.") ;D


Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #213 on: March 09, 2011, 07:57 PM »
Sorry you feel that way

I don't actually feel that way, and I certainly don't think your blog is 'evil'. But I do consider the three points I made to still be valid, it's is hypocritical for anyone to diss OC's behavior, while defending those same actions when a website does them.

Renegade is perfectly correct here when he calls out peoples double standards when it comes to desktop applications versus mobile and web applications

Also, frankly, trying to claim cookies are ok because they are easier to remove, while a reg entry is evil because it's harder to remove is not logical. You're arbitrarily drawing a line and saying 'easier than this is ok while harder than this is evil' and, conveniently, you've chosen to carefully position that line such that it defends your argument.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #214 on: March 09, 2011, 08:17 PM »
^In all fairness, deleting a cookie can't screw up your Windows installation or render your machine unbootable

Doing something in regedit certainly can if you don't know what you're doing or you're not careful.

That's a significant difference from a purely operational perspective - with no philosophical justification required.  ;D

Even Microsoft recommends, as a rule of thumb, that the registry not be manually edited if at all possible.

 8)
« Last Edit: March 09, 2011, 08:22 PM by 40hz »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #215 on: March 09, 2011, 08:21 PM »
...helping them deploy their data harvesting client... 

That is not what it does. You are misinformed.

Ok. Fair enough. Nobody said I was infallible. Not even me.

(Also switched the wording on my post above to accommodate your objection.)

Now could you please explain it to me so I won't be "misinformed" any more? I'm always willing to listen and accept correction. But I'm also not much of a coder so please don't get annoyed if I ask a lot of dumb questions afterwards. Ok?:)

So...starting with the OC thingy itself - who decides how it gets installed? Is it the same in every situation (it's not according to Microsoft BTW) or does each developer get to decide how it will work from a group of ...dunno...options?...deals?...revenue programs?

And if it does, does the choice of options determine the amount OC pays the developer?


It's actually very simple.

1. Develop software.
2. Create installer.
3. Incorporate OpenCandy into installer.

That's pretty much done there.

So, what we have is an installer with the OpenCandy DLL in there (OCSetupHlp.dll).

What happens is that during the installation the OpenCandy DLL checks to see if there is any software in its offerings that is already installed. If it is, then it doesn't offer that software to the user. Why would it? They have it already~! So, instead it offers other software that might be interesting for them or maybe not. If it is, then the user can check a radio button to accept the offer, or check a radio box to decline the offer. This makes sense for the user, the developer, and OpenCandy.

IMPORTANT: Note here that those are both unchecked radio buttons. This forces a user decision. It is neither "opt-in" nor "opt-out" in the traditional sense of a checkbox.

I believe that is a fantastic way to balance the interests of both the developer and the user. The decision is ENTIRELY up to the user and they must proactively make that decision.

The checked/unchecked check box is a passive way to deal with the problem, and quite frankly, it's very poor. Unless you want the default action... In which case you're making the decision for the user. Not good.

So... back to what's happening.

Once the user decides, the installation proceeds as normal. A downloader dialog fetches their offer and once it's completed, the user must click a button to begin the installer. (A second action.)

That completes the process. The OCSetupHlp.dll file (from the original installer) is not left on the system as it has completed its purpose.

I installed some software with OpenCandy in it and I've checked my Registry. I have 14 occurances of OpenCandy and ALL of them are things that I created or are from the SDK. There are no OpenCandy registry entries from any software. There are 0 occurances of 'OCSetupHlp'.




So...starting with the OC thingy itself - who decides how it gets installed? Is it the same in every situation (it's not according to Microsoft BTW) or does each developer get to decide how it will work from a group of ...dunno...options?...deals?...revenue programs?

And if it does, does the choice of options determine the amount OC pays the developer?

It doesn't get installed. That's simply not true. It "runs". There's a difference. As above, it runs during the installation of the developer's software.

The DLL has no options. Integrating it into an installer is very straight forward and simple. I had a few hiccups, but they were entirely due to me not being an Inno Setup guru. (It took me a bit to locate a few things in Inno Setup, but once I did, it was smooth sailing.)

The ONLY things that you customize are things that are specific to your own software, e.g. name of the program, your program key from OpenCandy, and your program secret key from OpenCandy. (They track that information, which lets you get paid.)

They also track basic, non-personal information like operating systems. e.g. How many Win XP, Vista and Windows 7 boxes? Technical specs in aggregate form are important for OpenCandy and developers, but are in no way violating any kind of privacy. Anyone that would complain about this is simply complaining for the sake of complaining. 

Remember, OpenCandy's job is to maximize the amount of revenue that they earn from the offers they have available. They pay developers a portion of that revenue, so it's in the developer's best interests to have higher paying software offers through their installers.

But the developer has no control over that. It's the developer's job to go out and get "customers" into the shop. It's OpenCandy's job to offer an "upsell" to the customer, who is free to choose to accept or decline the offer.

Incidentally, but very much related, I've also been speaking with a competitor to OpenCandy in the same business. I mentioned OpenCandy's problems and the person I was talking to said that it was unfortunate for them. Judging from what he said and how he said it, it sounded like he empathized with them and understood OpenCandy's problems, and that he understood that those problems were not really justified or the fault of OpenCandy. But that was just my reading of what and how he said it.


P.S. No need to shout or get super creative with the font attributes. We're all listening to you even if we won't always agree. This is DC. We can be passionate about something without getting pissed off about it.

Sorry. That wasn't my intent, and I wasn't angry. I meant that for emphasis to point out the origin of adware as it is very different from what we're talking about here. I didn't want it to get lost in the 'noise' of my lengthy ramblings. :)


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #216 on: March 09, 2011, 09:14 PM »
Also, frankly, trying to claim cookies are ok because they are easier to remove, while a reg entry is evil because it's harder to remove is not logical. You're arbitrarily drawing a line and saying 'easier than this is ok while harder than this is evil' and, conveniently, you've chosen to carefully position that line such that it defends your argument.

Windows comes with a firewall, which is turned on by default. If you shut it off and then as a result get exploited with a worm, do you have a right to blame anyone but yourself?

If your browser rejects 3rd party tracking cookies by default and you change the setting to accept them, do you have anyone to blame but yourself when you end up with 3rd party tracking cookies?

Do you believe that webmasters have a right to view their own server logs? There is plenty of statistical information there without the need to use a 3rd party service.

I feel a webmaster has a right to this data, he has the right to know how many visitors he has had in any given day, has the right to know what his most popular pages are, has a right to know what browsers his visitors are using (should he keep supporting IE5 if nobody is using it any more?), etc.

My blog is hosted by Google, which doesn't allow me to have access to any of that data. If I want it, I have to use a 3rd party service such as Google Analytics or Koego, which I do use. There aren't too many other options if I want access to this information without moving my blog.

As far as the ads go, I would love to get rid of them and perhaps some day I will, but not until I can figure out another way to pay for the renewal of my domain names every year. Currently the Google ads on all of my sites and blogs are funding keeping 2 sites going. I am not really making a profit at all. I am barely breaking even. The Project Wonderful ads are frequently empty on most of my sites or they are providing free advertising because nobody wants to bid higher than $0 for the traffic I have. (my personal blog would be the exception to that)

If people start clicking the paypal button on my sites and donating enough to cover my needs, all the ads are gone, except for some simple linked graphics to sites I provide free advertising to because I like them and want to support them. (I recently made a change on some of my sites to display an ad to Veign's OpenMenu for free, when nobody is bidding on my ad boxes)

It's really tough to earn anything on the more ethical ad network that I use on most of my sites (Project Wonderful) when download sites are leeching from you without sending you any traffic. I have a standard email response for download sites that do that, and their reaction is usually to just remove my software from their database than to work with me to come up with a compromise that can make us both happy. They want to exploit me and use my software and my bandwidth (actually DC's) to make money off their ads, while not sending me any traffic to keep my sites online with mine (even though DC hosts them for free, I still need to pay for domain names).

The exception is Software Informer, which recently reviewed one of my apps and emailed me about it, and then changed from direct linking of download files to linking to my site when I asked them to. First download site to ever do that. If all the download sites did that I could drop the Google ads from all my sites and replace them all with Project Wonderful, because I'd have the kind of traffic that advertisers would bid on.

I can see why a software developer might be tempted to use OC. I have battled with the thought myself but ultimately I can't bring myself to do it because I don't trust OC at all. They keep going back on their own words, keep breaking promises, keep being sneaky, and only change things for the better when they get caught...till they can come up with a new way to be sneaky.


40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #217 on: March 09, 2011, 09:15 PM »
@Renegade - ok, I think I'm following so far.

Few more questions (there will probably be more later):

0. I have been told that prior to doing any sort of opt-in or opt-out, OC scans the user's drive and sends back information to...someplace...and modifies the users registry without any notification or option to prevent it. This operation is automatic, unstoppable, and runs completely invisibly. Is this true?

1. Why doesn't OpenCandy make it's presence known during the installation like the Ask Toolbar or other (supposedly) "just like" apps do. Why not just call it what it is? It seems OC tries to cloak it's presence by burying itself in somebody else's installer and EULA. Why is that? Why don't they just run OC as an additional installer that tags along (like everybody else's does) if it isn't primarily motivated by a desire to make its presence and actions less noticeable? What good and purely technical reason(s) do they offer for doing it this way?

2. The author of DarkWave Studio uses OC, and says he has set it to default to opt-out. Do you control whether it is set up to follow an opt-in or opt-out methodology? DWS's author seemed to infer it was his choice which way to go. How does his statement square with your statement there is no opt-in or out per se?

3. Is there anyplace where you are given the opportunity to remove all traces of OC regardless of where (registry, etc) they are located without having to manually dig it out? Do they publish a utility to do that? And do they advertise such a utility is available and make it easy to get if they do? If not - why not?

4. Why do they store their stuff in the registry? Is there a demonstrably valid technical reason for doing it that way as opposed to putting it in some sort of cache file elsewhere on the drive?

5. You object to calling OC adware. But then you say it presents "offers." How is an "offer" to consider buying something different than an "ad" which also asks you to consider buying something? Forgive me if I sound obtuse. But I suspect I may be a little 'colorblind' in that end of the spectrum. What in the name of the Purple Buddah is the difference between an ad and an offer?

6. You seem to infer that you're comfortable with OC's business model and modus operandi. Are you comfortable enough with it that you'd be willing to accept personal responsibility for any software problems, privacy breaches, or security issues introduced on one of your user's machines if it was the direct result of something done by OC during it's normal operations? Not to say you should. But would you at least be willing?

7. Does OC in any way indemnify you for any problems their software may cause your user's system? If you get sued by somebody because OC did something and you got blamed for it - does OC offer you any legal protections or warranties?

8. Have you been allowed to examine the source code for their software - or gotten a chance to look behind the scenes and observe their backoffice operation in action? If not, why do you trust them like you do?

-------------------------

I know these are a lot of questions. So don't feel rushed to get back. Sorry to be asking you all this. But you're apparently DC's resident expert on things OC -so You Da Man to ask.

 :)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #218 on: March 09, 2011, 09:36 PM »
Windows comes with a firewall, which is turned on by default. If you shut it off and then as a result get exploited with a worm, do you have a right to blame anyone but yourself?

I hate this argument. e.g.

Your house comes with a lock, which most people lock by default. If you unlock it and get robbed and murdered, do you have a right to blame anyone but yourself?

Well... First, yes. You do have a right. It's the robber/murderer (malware author) that is to blame.

Sigh... Second, no. You know you live in a bad neighborhood (the Internet), and you should have been more careful.

I don't think there's a right answer.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #219 on: March 09, 2011, 09:42 PM »
while the app is worth the money, the sector it's target at isn't one that's easy to break into/willing to pay for software?

I understand what you're saying.

But from a business perspective, what you're saying doesn't really hold. Worth is a term that has no intrinsic meaning in business. Worth is a purely relative concept.

--------------

Q: Is any basketball player ever worth a $30 million dollar contract?

A: So long as any team is able and willing to pay him that amount - he is worth every penny of that $30 million - and not one cent more or less.

--------------

Q: I have an extremely valuable software product I want to sell. But nobody is interested in buying it. From a purely business perspective, what is my product worth?

A: It is worth whatever the market is willing to pay for it. So long as the customer is willing to pay no more than $0 for it, the product worth is $0.

--------------

BTW: Business is all about sales. A customer is not a customer until they buy something. So a customer who only offers to 'pay' $0 is no customer at all. And since a business can't be a business without at least one customer- anything which doesn't generate customer revenues can't be considered a business either.

Until somebody buys something, there is no 'business.'

Gratis is a marketing strategy. It's not a business model.

 :)

 :)

« Last Edit: March 09, 2011, 10:02 PM by 40hz »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #220 on: March 09, 2011, 11:44 PM »
@Renegade - ok, I think I'm following so far.

Few more questions (there will probably be more later):

0. I have been told that prior to doing any sort of opt-in or opt-out, OC scans the user's drive and sends back information to...someplace...and modifies the users registry without any notification or option to prevent it. This operation is automatic, unstoppable, and runs completely invisibly. Is this true?


No. It is not completely true.

The license screen is displayed prior.

Checking, and the DLL "OpenCandy_{57E292A3-7C15-41F2-AD55-F8AADEA415B7}.dll" (some GUID in there) runs from User/NAME/AppData/Local/OpenCandy/OpenCandy_{GUID}.dll.

I'd need to look into it some more. It uses Amazon storage though.


The installer IS the user interface. It IS the front facing interaction. There's no reason to display more than that. That would only complicate things further.



1. Why doesn't OpenCandy make it's presence known during the installation like the Ask Toolbar or other (supposedly) "just like" apps do. Why not just call it what it is? It seems OC tries to cloak it's presence by burying itself in somebody else's installer and EULA. Why is that? Why don't they just run OC as an additional installer that tags along (like everybody else's does) if it isn't primarily motivated by a desire to make its presence and actions less noticeable? What good and purely technical reason(s) do they offer for doing it this way?


It's like going to the grocery store and having them ask you to make a donation to some cause, e.g. flood victims or whatever, at the register instead of having people ask you as you enter/leave -- it's more streamlined.

There's nothing masked or cloaked about it. The EULA is displayed. Nobody reads them. Who's fault is that? You can only do so much. Would you prefer that all software force you to click a checkbox for every sentence in the EULA? Of course not.

The way they have it set up is minimally intrusive and easy to work with. It's right up in front with nothing hidden at all.

I can't "see" air. So... God must be hiding something from me in the air. God is out to get me. God is in league with Satan...

Of course invisible processes are invisible. That's nothing new. In the *NIX world they are daemons, and in the Windows world, services. Software runs invisibly all the time. A lot of things just don't make any sense to have a UI for. That doesn't make them malicious.

If they did set it up like you mention there, people would complain because it's too intrusive running another installer.

There's no winning at all. It's damned if you do, damned if you don't, and damned for any reason whatsoever.

I blame all this on the SCAREWARE industry. They're some of the most irresponsible b******s out there. They've got everyone so brainwashed about "malware" and whatever that there's no escaping the tiniest scrutiny.

Some software writes to its program files folder. Does that make it evil?

There's just no good reason to make a simple installation all complicated and to require the user to confirm every little thing. Most people wouldn't know what any of it was anyways!


2. The author of DarkWave Studio uses OC, and says he has set it to default to opt-out. Do you control whether it is set up to follow an opt-in or opt-out methodology? DWS's author seemed to infer it was his choice which way to go. How does his statement square with your statement there is no opt-in or out per se?


I have not seen any opt-in/out options. Maybe those are some of the changes in the SDK.


3. Is there anyplace where you are given the opportunity to remove all traces of OC regardless of where (registry, etc) they are located without having to manually dig it out? Do they publish a utility to do that? And do they advertise such a utility is available and make it easy to get if they do? If not - why not?


Lots of programs leave traces. It's not the end of the world.

A file can't delete itself without a reboot. I've not checked that as I hate rebooting. (I'll check when I do reboot though.)

As far as I can see so far, there's nothing nefarious going on at all.


4. Why do they store their stuff in the registry? Is there a demonstrably valid technical reason for doing it that way as opposed to putting it in some sort of cache file elsewhere on the drive?


Like I said before, I didn't find any registry traces.


5. You object to calling OC adware. But then you say it presents "offers." How is an "offer" to consider buying something different than an "ad" which also asks you to consider buying something? Forgive me if I sound obtuse. But I suspect I may be a little 'colorblind' in that end of the spectrum. What in the name of the Purple Buddah is the difference between an ad and an offer?


Ahem... Which is why I used 20pt. Apparently I need to do it again... Perhaps 36pt is better. In red. :D (Muahahahaha~! :P )


ADWARE got a bad name (and rightfully so) because software would install other software (the actual adware program)that would pop up ads at any time -- the installed software's sole purpose was to pop up ads on the desktop. OpenCandy does not do that at all.


You're confusing ads with "adware". (Thanks to the SCAREWARE industry that does nothing but sow FUD.)

I go to find an answer to a question I have in a search engine. There are ads there. Is the search engine "adware"?

I click through a link to a site to find my answer. They have ads there. Is the website "adware"?

The search engine and website both put cookies on my computer and track me. Are they "adware" or "malware"?

Is TV 'adware'?

I drive down the road and there's a billboard ADvertising something. Does that make the roads "ADWARE"?

I buy a shirt that has the manufacturer logo on it. Does that make the shirt "ADWARE"?

I wear the shirt. With the ad on it. Does that make ME "ADWARE"?

A book I buy has the publisher name, logo, and other information about the publisher in it, which is all entirely irrelevant to the content of the book that I paid for. Does that make the book "ADWARE"?

I go to the movies and there are previews. Are movies "ADWARE"?

There is no end to it.

I put that horrible 20/36pt font there for a reason. ;)

There is a very big difference between "adware" and "advertising supported".

OpenCandy provides a way for software vendors to "advertise" their software by paying other software vendors to display their "ad" or "offer" one time during the installation of that 2nd vendor's software. It does not pop up ads like adware.

When I first came to DC, I followed a link from inside of some weblogs to a review about ALZip.

https://www.donation...ndex.php?topic=896.0

I was clear in my disagreement with the inhouse graphic in the upper right not being adware:

License Type - It's freeware for home users while commercial users have an unlimited trial period, but are asked to purchase a license. It's most certainly NOT adware. None of the ALTools have any adware, no spyware, no junkware, no third party bundled wierdness - nada, zilch, zip :) I really don't want people to think that ALTools are adware. The info banner in the upper right only mentions ALTools and does not serve ads for any third parties. PLEASE - Would you kindly fix this. I really don't want anyone to get the impression that we're associated with that seedy underside of the Internet...

I still believe that.

As an analogy, why don't we hang soldiers for murder? They kill people. That's murder.

Adult topic (analogy)
While we're at it, why not throw all couples in prison for rape. At some point in a relationship partners have sex with the other when they don't really want to, but they do it for the other partner. So, are they willing or not? Why not just solve the problem and throw them all in prison?


The connotation for "adware" is so drastically negative that the 2 analogies above, while extreme, are actually accurate. "Adware" = "death sentence".

Advertising supported? That's ok. Lots of things are. There's nothing wrong with it, and nothing underhanded. (I'll not get into propaganda or what actually happens in mass media advertising as that's an entirely different can of worms, and I'd disagree with my previous sentence in that context.)




6. You seem to infer that you're comfortable with OC's business model and modus operandi. Are you comfortable enough with it that you'd be willing to accept personal responsibility for any software problems, privacy breaches, or security issues introduced on one of your user's machines if it was the direct result of something done by OC during it's normal operations? Not to say you should. But would you at least be willing?


No. I wouldn't. Nobody does. And that's in my EULA. It's a standard disclaimer in all software EULAs.



7. Does OC in any way indemnify you for any problems their software may cause your user's system? If you get sued by somebody because OC did something and you got blamed for it - does OC offer you any legal protections or warranties?


As #6. Standard EULAs all have those provisions.


8. Have you been allowed to examine the source code for their software - or gotten a chance to look behind the scenes and observe their backoffice operation in action? If not, why do you trust them like you do?


Have you seen the source code and gone through it all for your OS and all the programs you run? If not, why do you trust them like you do?

That's really way to far out of line. Companies keep internal processes internal for a reason -- they don't want someone to rip them off and steal their ideas. That's even more important for software companies that have only intellectual property (e.g. copyrights) as their only assets. Google is nothing more than a bunch of dead servers and office buildings without their IP.



I know these are a lot of questions. So don't feel rushed to get back. Sorry to be asking you all this. But you're apparently DC's resident expert on things OC -so You Da Man to ask.

 :)

:)

Like I said before:




:D

I think you're looking for things that aren't there.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #221 on: March 10, 2011, 04:47 AM »
I think you're looking for things that aren't there.

@Renegade -I've got no agenda. I'm just asking some questions. (See above quote.)  :)

And I did forewarn you that some of them might sound dumb to you. And if so, it would likely be because I don't know half as much about OC as you seem to.

But unfortunately, this discussion is now starting to generate more heat than light. Especially with all those 'over the top' analogies and straw man arguments you're firing off - many of which (though clever) don't address the question being asked.

And to repeat a suggestion I made earlier: Can we possibly (to put it politely) do without at least some of those typographic blandishments you seem to be so fond of?

Very often (like tonight) I'll cruise the DC forum while at a client site. (I try to get caught up whenever I'm lucky enough to get a few minutes of slack time time while waiting for server updates or network tests to finish.) Having something unexpectedly scroll up in 36 point red text on my laptop screen has a tendency to raise the eyebrows of whoever may be sitting near or walking by. Hard to pretend I'm just checking email or looking up some technical info when that happens.  :redface:

And it really wasn't necessary to repeat the Monty Python clip either. Believe me, I "got it" the first time. (And I still think the hand grenade bit was a funnier. ;))

However, it now looks like this conversation is starting to aggravate a couple of folks, to say nothing of beginning to go 'round in circles.

So...I think I'm going to back out of this thread and leave it to others. I'll look for clarification on OC elsewhere.

Wishing you success with whatever deal you've cut with the OpenCandy people. Hope it works out well for both you and your users.   :Thmbsup:

« Last Edit: March 10, 2011, 04:52 AM by 40hz »

y0himba

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 448
  • Yar.
    • View Profile
    • y0himba.net
    • Read more about this member.
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #222 on: March 10, 2011, 04:59 AM »
Plain and simple, OpenCandy doesn't bother me. I think it is a good medium between being invasive and generating revenue for software developers.  I honestly send no identifiable information then recommends a software, nothing is downloaded, installed, no changes made to your system unless you choose to install it.

MSE detects it and pops up this dialog meant to scare people who have no idea what they are looking at, yet Bing is a partner with OpenCandy and is one of the things offered.  I hate adware, I despise software that installs on my system with other software, but this is not like that at all.

If I had a choice, it would not be there, but since developers need revenue, this is the way to go.  IMHO.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #223 on: March 10, 2011, 05:20 AM »
@40Hz

I suppose I get frustrated sometimes. It's not my intent to be abusive or unnecessarily contrary.

I've looked into OpenCandy, and can't see what the fuss is about. It looks like a great thing as it presents a win-win-win-win situation. Users win when they get decent recommendations. Software publishers win when they make money. Software advertisers win when they get their titles in front of people in the crowded market. OpenCandy wins because their business is successful in facilitating all of that.

Sigh... :(
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: What the hell is OpenCandy?
« Reply #224 on: March 10, 2011, 05:40 AM »
Plain and simple, OpenCandy doesn't bother me. I think it is a good medium between being invasive and generating revenue for software developers.  I honestly send no identifiable information then recommends a software, nothing is downloaded, installed, no changes made to your system unless you choose to install it.

MSE detects it and pops up this dialog meant to scare people who have no idea what they are looking at, yet Bing is a partner with OpenCandy and is one of the things offered.  I hate adware, I despise software that installs on my system with other software, but this is not like that at all.

+1 (though that's pretty obvious by now :) )

The whole thing sounds like a false positive to me.


If I had a choice, it would not be there, but since developers need revenue, this is the way to go.  IMHO.

Do you mean the false positive, or OpenCandy?

To be honest, I think that revenue sources that don't require developers to be business people are great. That lets the developers do what they love and still make a living from it. Let the business guys sort out the other things. It's a big pie out there. :)


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker