Welcome Guest.   Make a donation to an author on the site July 25, 2014, 06:02:56 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Free DonationCoder.com Member Kit: Submit Request.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: Prev 1 ... 9 10 11 12 13 [14] 15 16 17 18 19 20 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: What the hell is OpenCandy?  (Read 121018 times)
JavaJones
Review 2.0 Designer
Charter Member
***
Posts: 2,514



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #325 on: April 02, 2011, 03:26:57 AM »

Yes, but you're far from the only person using OpenCandy, and now that I know what it looks like I realize it's been used in lots of software I've installed recently. I would have liked to know so I could learn more and make a more informed decision. Lack of full disclosure by software authors is my remaining concern.

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
PhilB66
Supporting Member
**
Posts: 1,510


View Profile Give some DonationCredits to this forum member
« Reply #326 on: April 02, 2011, 06:38:04 AM »

So what you're saying is we need a new term to define things like OC?

Here are a few... Ad Conduit, Usage Information Sniffer/Transferer, Privacy Intrusion Mechanism. That's what OC does. How it does what it does is not an issue (at least for me it's not).

Just go through the advertisers list... Crawler Toolbar, My Shopping Genie, PriceGong, SweetIM.....sigh
Logged
cmpm
Charter Member
***
Posts: 2,020

View Profile Give some DonationCredits to this forum member
« Reply #327 on: April 02, 2011, 07:14:51 AM »

Alright, here's a different way to put it-

junk mail, or door hangers
that most of us throw away
they know where I live
for OC, click 'do not install' whatever it is

well, one time I used one of those door hanger ads
they are mostly lawn services and remodeling companies

one time out of thousands I did use one
a Bathroom remodeling service or contractors
cause I did needed some remodeling done to two bathrooms
Decent price as well...

is that any help? lol...
they knew I had bathrooms beforehand I'm sure
without going through my house haha

will this thread ever die?  tellme

OC changed their tactics, which raises an eyebrow.
We are watching to see if it happens again.
Logged
Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #328 on: April 02, 2011, 08:01:33 AM »

So what you're saying is we need a new term to define things like OC?

Here are a few... Ad Conduit, Usage Information Sniffer/Transferer, Privacy Intrusion Mechanism. That's what OC does. How it does what it does is not an issue (at least for me it's not).

I don't think that's an accurate assessment.

I'm willing to be proven wrong, but statements with no facts to back them up don't carry much weight. I've presented a great number of facts here to back up what I've been trying to say.

To be clear, in loud, bold, 20pt, red, all caps:


...and centered. smiley

And in boring, normal type...

Prove me wrong, and I will recant! smiley


Just go through the advertisers list... Crawler Toolbar, My Shopping Genie, PriceGong, SweetIM.....sigh

Dropping out registry cleaners and ones that I am not very familiar with, the list also includes some well respected software companies:

  • AOL Toolbar
  • AVG Anti-Virus 2011
  • eBay Sidebar for Firefox
  • Evernote
  • Groupon
  • Jing by TechSmith
  • Microsoft Bing Bar
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9
  • Yandex Toolbar
  • Nitro PDF Reader
  • Real Player
  • Snagit by TechSmith
  • StumbleUpon
  • Wakoopa
  • World of Warcraft by Blizzard

Can anyone pick out anything in there that is shady? (I know someone is going to scream about Real... Please stick to today and not ancient history. The process of "working out the rules of the Internet" took some time, and we all know them now. 1999 doesn't count anymore - it's prehistoric history.)

Regarding "Crawler Toolbar", it was "Crawler Toolbar with Web Security Guard". They are also TRUSTe whitelisted.

http://www.truste.com/pri...program-requirements.html

eBay, PayPal, Yahoo. It has some clout.

Just because something is a toolbar doesn't make it forged in Hell on an anvil of bones.

I remember releasing ALToolbar.

http://www.altools.com/ALTools/ALToolbar.aspx

It's an excellent tool. SHIFT SHIFT and you're styling! I really wish that ESTsoft would make it for Firefox and Opera. That would ROCK! I love it! It's so good that I'd almost use IE as my primary browser. (That is saying a LOT!)



... off topic ...

Phew~! Just prior to clicking "POST", I saw my regular Firefox browser crash reporter, gulped, and then remembered that I've switched to Opera~! cheesy YAY~!
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #329 on: April 02, 2011, 08:13:34 AM »

Can anyone pick out anything in there that is shady?
World of Warcrack. Definitely shady, ruiner of souls.
Logged

- carpe noctem
Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #330 on: April 02, 2011, 10:02:55 AM »

Can anyone pick out anything in there that is shady?
World of Warcrack. Definitely shady, ruiner of souls.

Hahahaha~! Yes... Games can be very addictive and waste your life. A few people die every year from playing non-stop and eventually just die of exhaustion.
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
40hz
Supporting Member
**
Posts: 10,399



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #331 on: April 02, 2011, 01:27:46 PM »


To be clear, in loud, bold, 20pt, red, all caps:

*
<<SP>>
*
...and centered. smiley



Thank you Renegade! (Very elegant solution BTW. I like it!)  Grin Thmbsup

Logged

Don't you see? It's turtles all the way down!
40hz
Supporting Member
**
Posts: 10,399



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #332 on: April 02, 2011, 01:56:13 PM »


I'd guess a bit more than several years would depend on what the definition of several years is.  Wink

In my case "a bit more than several years " is about 40 - as in calendar, not biblical.  tongue

My first program was a Black Jack simulation written in FORTRAN 66 and installed on (if memory serves) a System/370-145 mainframe. Wink

Logged

Don't you see? It's turtles all the way down!
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,112



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #333 on: April 02, 2011, 03:15:47 PM »

Got a reply back from FSF:

Quote
>    Would placing the proprietary closed source OCSetupHlp.dll file on
>    a user's system without their permission and without offering the
>    source, solely for the purpose of displaying ads during the install
>    process and providing the developer with install/uninstall tracking
>    statistics later on be considered a violation of the GPL when it is
>    done by the installer of a GPL licensed application?

The way you describe the issue, the proprietary DLL is part of the
installer, not of the GPLed software. According to the GPL FAQ, "The
installer and the files it installs are separate works. As a result, the
terms of the GPL do not apply to the installation software."
(http://www.gnu.org/licens...q.html#GPLCompatInstaller)

While it is unfortunate that some GPLed software would require a
proprietary installer, it is not a GPL violation.

It makes sense to me now.

And another way to look at it could be this:

If you treat the application and its installer as 2 separate applications, while the software installed may not be adware or spyware, the OC powered installer is.
Logged

Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #334 on: April 02, 2011, 09:52:47 PM »

Thank you Renegade! (Very elegant solution BTW. I like it!)  Grin Thmbsup

I thought you'd get a kick out of that~! cheesy

Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #335 on: April 02, 2011, 10:05:19 PM »

...while the software installed may not be adware or spyware, the OC powered installer is.

I can see some kind of confusion over adware, but "spyware" is so far off-base, it's not in the same solar system. It's so radically different that it's just not possible to make that confusion if you know what the two are. Instead, it's libelous.

Spyware:

Quote
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.

Reading that, it's simply not possible to confuse OC with spyware.

It's like understanding what different kinds of email sofware do, and then confusing "The Bat" with "postfix". One is a client and the other is a server. They are worlds apart.

Defamation:

Quote
Defamation—also called calumny, vilification, traducement, slander (for transitory statements), and libel (for written, broadcast, or otherwise published words)—is the communication of a statement that makes a claim, expressly stated or implied to be factual, that may give an individual, business, product, group, government, or nation a negative image. It is usually a requirement that this claim be false and that the publication is communicated to someone other than the person defamed (the claimant).


Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,112



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #336 on: April 02, 2011, 11:03:11 PM »

It's not defamation unless it is false. I believe my statement to be true.

Spyware:

spyware (computer software that obtains information from a user's computer without the user's knowledge or consent)

What percentage of users installing software from an OC powered installer gave their informed consent and know that information will be sent back to OC, even if they refuse the recommendation?

spyware

   1. (Internet) programs that surreptitiously monitor and report the actions of a computer user.

That describes exactly what OC does.

Spyware: Computer programs that typically track your use and report this information to a remote location. The more malicious spyware programs may capture and report keystrokes, revealing passwords and personal information. Users are often tricked into installing spyware programs without their knowledge. Spyware is sometimes referred to as adware.

Emphasis mine. And that is exactly what OC does. It doesn't have to do the rest to be spyware.

Spyware Software that uses an internet connection without the permission of its owner, in order to 'listen' to confidential data and transmit them to third parties

What percentage of users installing software from an OC powered installer gave their informed consent and know that information will be sent back to OC, even if they refuse the recommendation?

The Anti-Spyware Coalition (ASC) defines "spyware and other potentially unwanted technologies as technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

- Material changes that affect their user experience, privacy or system security;

- Use of their system resources, including what programs are installed on their computers; and/or

- Collection, use and distribution of their personal or other sensitive information."

See: Recognizing Spyware

If it is phoning home with info about a user, without their informed consent, it has done this and is spyware. OC is spyware.

Spyware
Software that gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes.  Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.  Not all shareware and freeware applications come with spyware.  Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else.  Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Emphasis mine, because that is exactly what OC does. What percentage of users installing software from an OC powered installer gave their informed consent and know that information will be sent back to OC, even if they refuse the recommendation?

Spyware
Spyware is software that literally spies on the activities of the user of the computer where it is installed. All possible personal data is gathered and then sent to the author of the Spyware.

The author is OC and information is sent back to OC.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.”

That’s certainly not anything that OpenCandy enables or would EVER take part in! (I wouldn’t work for a company that did… I wouldn’t be able to sleep at night.)

OpenCandy’s Analytics

This is probably a good time to address the analytics side of the OpenCandy network. The analytics that we provide back to our publishers (those who recommend other software using OpenCandy) includes NON-PERSONALLY identifiable information such as the user’s country, operating system, operating system version, operating system language,  and when the software is installed (and optionally, if it is uninstalled). This information is aggregated in daily intervals and individuals are NOT identifiable (see more below). That’s it.

I love how he essentially contradicted himself there, explains how even though that is what OC does, collecting information,  it's not spyware.

I will ask one more time:

What percentage of users installing software from an OC powered installer gave their informed consent and know that information will be sent back to OC, even if they refuse the recommendation? And do they know what information?

Unless OC is getting informed consent to collect that information, it's spyware, plain and simple.

It doesn't matter if you think the information it is collecting is benign...it is still collecting information without the user's informed consent.

Informed consent is a phrase often used in law to indicate that the consent a person gives meets certain minimum standards. As a literal matter, in the absence of fraud, it is redundant. An informed consent can be said to have been given based upon a clear appreciation and understanding of the facts, implications, and future consequences of an action. In order to give informed consent, the individual concerned must have adequate reasoning faculties and be in possession of all relevant facts at the time consent is given.
Logged

wraith808
Supporting Member
**
Posts: 6,085



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #337 on: April 02, 2011, 11:28:28 PM »

^ So... I take it adobe flash is spyware?  How about iTunes?  Or Java?  I could keep naming software- there's quite a few pieces of software that do the same in a benign way, then after the fact inform you that they did and would you like to install this update or that update.  Microsoft used to do it with Windows update.  Websites do it without ever telling you.

Yes, but you're far from the only person using OpenCandy, and now that I know what it looks like I realize it's been used in lots of software I've installed recently. I would have liked to know so I could learn more and make a more informed decision. Lack of full disclosure by software authors is my remaining concern.

So... I use other DLLs from third-parties in my software sometimes; does that mean that I need to inform you so that you can be made aware of exactly what software I'm using?  Where does it end?
Logged

app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,112



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #338 on: April 02, 2011, 11:45:42 PM »

^ So... I take it adobe flash is spyware?  How about iTunes?  Or Java?  I could keep naming software- there's quite a few pieces of software that do the same in a benign way, then after the fact inform you that they did and would you like to install this update or that update.  Microsoft used to do it with Windows update.  Websites do it without ever telling you.

Bingo!

Yes, but you're far from the only person using OpenCandy, and now that I know what it looks like I realize it's been used in lots of software I've installed recently. I would have liked to know so I could learn more and make a more informed decision. Lack of full disclosure by software authors is my remaining concern.

Looks like a user that didn't give informed consent for the information that was collected and sent back to OC.

Quote
So... I use other DLLs from third-parties in my software sometimes; does that mean that I need to inform you so that you can be made aware of exactly what software I'm using?  Where does it end?

Do those 3rd party DLLs collect user information and send it out to someone over the internet? If they do, then you should inform the user and get his permission before any information is collected.
Logged

40hz
Supporting Member
**
Posts: 10,399



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #339 on: April 03, 2011, 12:25:39 AM »

...while the software installed may not be adware or spyware, the OC powered installer is.

I can see some kind of confusion over adware, but "spyware" is so far off-base, it's not in the same solar system. It's so radically different that it's just not possible to make that confusion if you know what the two are. Instead, it's libelous.

*
*
*

Defamation:

Quote
Defamation—also called calumny, vilification, traducement, slander (for transitory statements), and libel (for written, broadcast, or otherwise published words)—is the communication of a statement that makes a claim, expressly stated or implied to be factual, that may give an individual, business, product, group, government, or nation a negative image. It is usually a requirement that this claim be false and that the publication is communicated to someone other than the person defamed (the claimant).



Interesting comment.

Sounds very much like a threat.

Is some sort of legal threat being made here?





Logged

Don't you see? It's turtles all the way down!
Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #340 on: April 03, 2011, 12:45:30 AM »

Interesting comment.

Sounds very much like a threat.

Is some sort of legal threat being made here?

Not in the least. I'm merely pointing out that app103 is making a serious accusation. Spyware is a subset of malware.
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #341 on: April 03, 2011, 01:08:43 AM »

I don't think we'll ever agree on this.

See the smoking guns section below though, as I really don't see how there can be any debate after that.

But anyways...

It's not defamation unless it is false. I believe my statement to be true.

Spyware:

spyware (computer software that obtains information from a user's computer without the user's knowledge or consent)

What percentage of users installing software from an OC powered installer gave their informed consent and know that information will be sent back to OC, even if they refuse the recommendation?


License information is clearly visisble at the beginning in the EULA.

There's simply no satisfying the requirment no matter what is done. Your verdict is guilty before the trial has begun. No amount of evidence will change that.

A great deal of software collects information, e.g. MS Office, Visual Studio, etc. etc. Now, if you happen to forget that you decided to participate in the customer experience program, it is now collecting information without your knowledge, and if you don't know, then you can't give consent.

You are implicitly demanding that all software that collects information be labeled spyware, which makes the term useless.

Now go check your web sites and see how much "spyware" in on them. All web ad companies, like Google or Double-Click, collect information without the user's knowledge or consent.


spyware

   1. (Internet) programs that surreptitiously monitor and report the actions of a computer user.

That describes exactly what OC does.


No. It doesn't.

spyware

   1. (Internet) programs that surreptitiously monitor and report the actions of a computer user.


However, the ads on your web sites do "surreptitiously monitor and report the actions of a computer user".



Spyware: Computer programs that typically track your use and report this information to a remote location. The more malicious spyware programs may capture and report keystrokes, revealing passwords and personal information. Users are often tricked into installing spyware programs without their knowledge. Spyware is sometimes referred to as adware.

Emphasis mine. And that is exactly what OC does. It doesn't have to do the rest to be spyware.


Really? I can take things out of context too. smiley

Spyware: Computer programs that typically track your use and report this information to a remote location. The more malicious spyware programs may capture and report keystrokes, revealing passwords and personal information. Users are often tricked into installing spyware programs without their knowledge. Spyware is sometimes referred to as adware.

Emphasis mine. And that includes all software. The rest is irrelevant. cheesy tongue

For the other things, you're taking them out of context and twisting them.

...spyware is sometimes referred to as adware.

And that's simply moronic.

The set of "spyware" and the set of "adware" intersect, but that does not make them the same.


Is it possible for spyware to not include an advertisement? Yes. (Proof by example: keyloggers)
Is it possible for adware to not include an advertisement? No. (Proof: By definition. The "ad" in adware is there for a reason.)

They have properties that are not shared.

Why not just do away with all words and just have 1? Heck. It's the same nutty logic. Let's call everything "bloobledurp" or "<insert whatever sound you like here as long as everyone uses the same sound>".

Reductio ad absurdumw. QED.

This:

...spyware is sometimes referred to as adware.


Directly leads to that nutty "bloobledurp" conclusion. It is an absolute logical consequence. There is NO DEBATE on that.







I will ask one more time:

What percentage of users installing software from an OC powered installer gave their informed consent and know that information will be sent back to OC, even if they refuse the recommendation? And do they know what information?

Unless OC is getting informed consent to collect that information, it's spyware, plain and simple.

It doesn't matter if you think the information it is collecting is benign...it is still collecting information without the user's informed consent.


That's just silly. Everything in OpenCandy is upfront. Just because someone refuses to listen or refuses to attempt to understand doesn't validate any claims about "informed consent".

If you've got you eyes closed, and are walking towards a stream, and I start screaming that you're about to get wet, but you cover your ears and start saying "I can't hear you", that doesn't mean that I didn't try to tell you about the stream.

Guess what's in the EULA? At the very beginning of installers?

Refusal to listen doesn't justify crying wolf later on.


Informed consent is a phrase often used in law to indicate that the consent a person gives meets certain minimum standards. As a literal matter, in the absence of fraud, it is redundant. An informed consent can be said to have been given based upon a clear appreciation and understanding of the facts, implications, and future consequences of an action. In order to give informed consent, the individual concerned must have adequate reasoning faculties and be in possession of all relevant facts at the time consent is given.

That's a legal definition, which makes it essentially worthless. Law is entirely arbitrary and not based on reality. It incorporates aspects of reality, but that doesn't make it reality.

I can provide a logical proof for that if required.

But, to give it the benefit of the doubt... I go back to my point about refusing to listen doesn't make "informed consent" an excuse. Ignoring what you are being told then later recanting saying "yes" doesn't make it right.




Now... I'd like to bring out...




THE SMOKING GUNS...





I ran WireShark just now and what I got from running the Photo Resizer installer was this:

http://removed/?clientv=2...7dd2fdb9897e0bbd47c2c3d58

NOTE: I have removed the host information because it *may* interfere with my control panel stats for initiated installations. This is purely a paranoid precaution on my part. I think the session value would prevent this though. Also note, that this has NO impact on the user. It only has an impact on ME.

If anyone wants the host information, PM me and I'll give it to you.

Let me break that down into each piece. (Some educated guesses in places on my part.)

HOST:
http://removed/

The OpenCandy DLL version (I assume):
clientv=27

Country (I assume):
cltzone=600

Language:
language=en,en

Action to get offers:
method=get_offers

Not sure. Looks like running time or something:
mstime=0.280

The Operating system:
os=WIN6.1-64

The unique key for Photo Resizer
product_key=613b8aaa21ae201a2c054a63f3e87f8d

The version of Photo Resizer registered with OC (I assume):
v=1.0

An authentication method to ensure that it isn't some other software (I assume):
signature=5b437627dd2fdb9897e0bbd47c2c3d58

There is NO personally identifying information sent there. None. Zero. Nadda. Zilch.

Let's go back to some of those accusations of OC being spyware, and look at the definitions you used...

Quote
1. (Internet) programs that surreptitiously monitor and report the actions of a computer user.

Ummm... No as I've shown above.

[QUOTE]Collection, use and distribution of their personal or other sensitive information.[/QUOTE]

Ummm... No as I've shown above.

Quote
Spyware Software that uses an internet connection without the permission of its owner, in order to 'listen' to confidential data and transmit them to third parties

Ummm... No as I've shown above.

Quote
Spyware: Computer programs that typically track your use and report this information to a remote location.

Ummm... No as I've shown above.


I don't see how this is any longer open to debate. I've given solid evidence that anyone can verify themselves.

In any event, on to further beating a dead horse... The XML result set...


The results returned a complete set of offers in XML (I have reformatted it for readability):


*** PROBLEMS POSTING IT -- SEE NEXT POST ***


There is no personally identify information there about me as a user. How could there be? It's purely information downloaded from OpenCandy.

If you check the information in there, you will see that it is exactly what it is advertised to be. There is NOTHING deceptive in there. There is nothing that could be remotely considered abusive or spyware or malware or whatever.

Flat out. The XML contains information that the OpenCandy DLL processes. The results of that are then displayed in the installer.

At no time prior to that is anything personal or identifying sent back to OpenCandy.



SUMMARY:

1. Start installer.
2. OC downloads XML file and does NOT send any information.

What else is there?


You can verify exactly what I said above.

Nothing is hidden. It's all perfectly out in the open for anyone to look at and verify.



I hope that clears up some things. I've presented clear evidence to back up my claims.

Like I said before, if anyone can actually present any evidence that OC is spyware, please do and I will recant! I don't think anyone can though.

« Last Edit: April 03, 2011, 01:11:01 AM by Renegade » Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #342 on: April 03, 2011, 01:11:33 AM »

The XML:


Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
40hz
Supporting Member
**
Posts: 10,399



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #343 on: April 03, 2011, 02:49:12 AM »


I don't think we'll ever agree on this.


I think it all comes down to where somebody's personal interests lie.

As Machiavelli so accurately pointed out, the best way to understand motivation is to "follow the money."

Those who stand to financially benefit from something like Open Candy will tend to see this product/service (or whatever) in a positive light, and accept OC's definitions and arguments as valid.

Many of those who don't have a financial interest in going along with OC's view of the universe will tend to be much more skeptical of OC's claims, and less likely to be convinced by the arguments and assurances being given.

In the end, it's mostly a matter of how one's bread gets buttered. And by whom.

Like the Tom Gray song says: "Money changes everything."  smiley



« Last Edit: April 03, 2011, 03:09:40 AM by 40hz » Logged

Don't you see? It's turtles all the way down!
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,112



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #344 on: April 03, 2011, 04:36:58 AM »

I think your smoking gun didn't show all the smoke...but a trip to the OC site did show they collect more information than your smoking gun showed.

Q: What information does OpenCandy collect during installation of an installer powered by OpenCandy?

A: First and foremost, we do NOT collect any personally identifiable information. Nor do we store IP addresses.

We collect the following NON-personally identifiable information for aggregate statistical purposes:
A) Operating system version and language, country location and timezone of the computer running the installer, and the language of the developer’s software installer
B) That the developer’s installer was initiated, and whether it was completed or canceled
C) Whether a third-party recommendation was made and if so, whether it was accepted or declined
D) If a third-party recommendation was accepted, whether the recommended software’s installer has been downloaded and the installer initiated
E) That the recommended third-party installer was initiated, and whether it was completed or canceled.

For more information about what “personally identifiable information” or “PII” is, see this Wikipedia article: http://en.wikipedia.org/w..._identifiable_information

For additional details about information collection, please see What Information Does OpenCandy Collect?.

They also collect other information:

Quote
The number of times the user hit the “Next” button in the installer without making an accept or decline select for the recommendation. This information is used as a feedback measurement for the clearness and transparency of the recommendation screen.

Quote
The amount of time, in second, that the user spent on the recommendation screen.

Now that is information I never expected to be collected when I install software...kind of like looking over my shoulder with a stopwatch.  huh

Quote
The amount of time, in seconds, that it took to download the software.

Quote
Indicates if the user launched the installed software by way of the “Launch” button in the download manager.


Nope, haven't changed my mind...I still consider it spyware. And all those definitions I provided before was to give you a list of the ways spyware is defined, not just the definition source that OC or you prefer.

And as far as adware goes, OC does admit to being adware by the common definition of the word.

Outside of the anti-virus and anti-malware industry adware is broadly defined as any software that displays advertising of any form. As OpenCandy is an advertising platform, which software developers use to make software recommendations in their installers, this definition covers OpenCandy as it does most downloaded software: Skype, AVG Anti-Virus, avast! Antivirus, and Adobe Flash (which advertise products like Google Chrome in their installers).


I think it all comes down to where somebody's personal interests lie.

As Machiavelli so accurately pointed out, the best way to understand motivation is to "follow the money."

Those who stand to financially benefit from something like Open Candy will tend to see this product/service (or whatever) in a positive light, and accept OC's definitions and arguments as valid.

Many of those who don't have a financial interest in going along with OC's view of the universe will tend to be much more skeptical of OC's claims, and less likely to be convinced by the arguments and assurances being given.

In the end, it's mostly a matter of how one's bread gets buttered. And by whom.

Like the Tom Gray song says: "Money changes everything."  smiley

I couldn't agree more!  Thmbsup




Logged

Renegade
Charter Member
***
Posts: 10,854



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #345 on: April 03, 2011, 05:34:10 AM »

A bit more information here:

Opening Up OpenCandy

I've put more packet analysis there. It only confirms that no "PII" is collected.


app103, following your criteria, pretty much all software is spyware.

Filezilla - I got an update alert that I didn't ask for. Must be spyware! That's just silly!
ProLasso - Alerts me when updates are available. Spyware? Hardly.

Is there any software that uses a network connection that isn't spyware?

I don't think there is. Whether or not an ad is served isn't relevant.



Regarding things like how long is spent on a screen, that's typical stuff that you use to improve the software. It's not "PII".


Try this, start up WireShark then see what's happening in your browser and what the sites you visit are doing.


As for my financial interests and following the money... The payouts aren't that much. It's quite frankly insignificant.

My interests lie in my hatred of the scareware industry. I simply loathe the security sector and the media and their massively irresponsible attitudes.

Just look at the Samsung keylogger fiasco. THAT is what really pisses me off. They're alarmists and they do more harm than good in a lot of cases. Thank god they're not in pest control. They'd be fumigating houses with people in them.


I still have no clue as to how you can maintain that OC is spyware, but other networking software isn't.


OC doesn't send any "PII", so that cannot be a part of the criteria.

Since other software sends and receives non-"PII" information, but presumably isn't spyware, I can really only assume that the real criteria is whether or not you like the software. I just can't see any other reason. If you apply your criteria to other software, then pretty much everything is spyware.




Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,112



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #346 on: April 03, 2011, 07:23:13 AM »

I never claimed it was PII, and in most of the definitions of spyware that I provided earlier, there is no mention of PII...only mention of spying, collecting information the user doesn't know is going on.

Let's talk about YOUR software for a minute, and how the information gathered by OC is related to it...and what is and isn't spying on a user...

If your software checks for updates and informs the user that one is available, who benefits from any exchange of information related to finding out, that takes place? Does the user directly benefit in any way? Do you benefit in any way? Does it allow you to deliver bug fixes that correct issues that could have a negative effect on the user's experience? Does some unrelated 3rd party benefit the most? Does knowing a new version of the software being available and giving them the opportunity to download it have any possibility of enhancing their enjoyment of your software?

Does the info about how long a user stared at the recommendation screen benefit the user directly in any way? Does it have anything to do with your software they intended to install and their enjoyment of it? Does it help you improve your software? Is it necessary for a 3rd party to know this info for your software to function properly?

How long the recommendation screen was viewable on my computer isn't anybody's business but my own, even when it is collected without PII. When it is collected without my knowledge or consent it's an invasion of my privacy, it's spying. How I choose to launch my software is also my business, whether I do it from some 3rd party download manager that ended up launched on my computer because of OC or I use FARR or the Start Menu, or a desktop shortcut, or if I open the program folder and drag the exe file to my taskbar to make a shortcut. No matter what way I choose to launch it, it's my business...not yours, OC's, or anybody else's. Any attempt to gain access to how I do it, without my knowledge or consent, is spying on me.

Quote
Just look at the Samsung keylogger fiasco. THAT is what really pisses me off. They're alarmists and they do more harm than good in a lot of cases. Thank god they're not in pest control. They'd be fumigating houses with people in them.

So an irresponsible idiot of a writer for a reputable IT site that should have known better, jumped the gun and accused Samsung without checking his facts, based on a false positive, and you are going to get back at the both of them by adding OC to your installers? That makes no sense.

And it doesn't make OC run by saintly angels, either.

I told you, I don't trust them. They keep doing sneaky stuff, getting caught, changing things, getting caught, changing more, go back on their word, blame software authors for the changes...the same crap they did when they were at DivX.

Don't you know...you greedy developers twisted their arm and made them add an opt-out option, even though they are so very ethically opposed to that because they know it creates situations where people end up installing unwanted software.

It was because you greedy developers wanted users to install stuff they didn't want, so you could make more money from it. It's all your fault and had absolutely nothing to do with OC wanting to make more money, because they are the nice benevolent company that only exists to help poor little developers make money. All the VC's that invested big money in them didn't do it for the even bigger profits they hoped to gain, and their desire to make big profits and whatever pressure they put on OC had nothing to do with the changes...that VC money was all a big donation to help freeware and open source authors.

Oh how sweet of them to assign each computer a unique ID, building a profile of what each user accepted, installed, declined, uninstalled, etc, without the user's knowledge or consent, which they blamed on a bug when they got caught and had to change it. And the use of the registry entries like permanent cookies...till they got caught and had to change it.

What are they going to get caught doing next? And are they going to blame you again when it happens?

It's no secret that I have financial problems, no secret that my family is less than a paycheck away from disaster. I am scrambling to make as much money any way I can. I have even thought about using OC...but every time I do, I get sick to my stomach, feeling like I would be a sell-out, selling my users to a bunch of slimeballs, for a few cents each. No matter how tempting it is and how bad I need the money, I just can't bring myself to do it.
Logged

wraith808
Supporting Member
**
Posts: 6,085



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #347 on: April 03, 2011, 08:26:37 AM »

^ So... I take it adobe flash is spyware?  How about iTunes?  Or Java?  I could keep naming software- there's quite a few pieces of software that do the same in a benign way, then after the fact inform you that they did and would you like to install this update or that update.  Microsoft used to do it with Windows update.  Websites do it without ever telling you.

Bingo!
Not quite.  By agreeing to the installer, you're agreeing to the EULA.  So if you agree to the EULA, then you've already given your 'informed consent' whether you read the EULA or not.

Quote
So... I use other DLLs from third-parties in my software sometimes; does that mean that I need to inform you so that you can be made aware of exactly what software I'm using?  Where does it end?

Do those 3rd party DLLs collect user information and send it out to someone over the internet? If they do, then you should inform the user and get his permission before any information is collected.

So even if you agree to the EULA (read it or not) you *still* want another step of approval?  Sort of reminds me of the consumer advocates that say that the credit card agreements are too long because no one reads them, but if they are shortened, use the absence of text to attempt to say that the agreement is invalid.

It's no secret that I have financial problems, no secret that my family is less than a paycheck away from disaster. I am scrambling to make as much money any way I can. I have even thought about using OC...but every time I do, I get sick to my stomach, feeling like I would be a sell-out, selling my users to a bunch of slimeballs, for a few cents each. No matter how tempting it is and how bad I need the money, I just can't bring myself to do it.

The thing that bothers me is that the situation is no where near as black and white as you make it appear.  Your choice is your choice, and your interpretation is your interpretation.  But you seem IMO closed to anything that might speak against that narrow view, and use pejoratives where they don't belong (adware, spyware, slimeballs).  No one knows their motivations, for good or for bad.  Software does have defects, and sometimes people misjudge backlash against actions, and so end up spinning what happens.  And sometimes people deceive intentionally.  But unlike spyware and adware producers, who just attempt to find ways around any sort of exposure they get to dig deeper into the ground to get away from attention, OC does have an evangelist that does speak to these issues, and apparently gets things done.  Why not trust but verify, instead of putting them into the negative category because of possible growing pains?  And why, if that's a personal decision, attempt to inflict that on others even in the face of evidence.  Renegade put out a challenge above... but none of this really speaks to that challenge.  If there is such overwhelming evidence, why not prove it?  Especially if this is a black and white issue.
« Last Edit: April 03, 2011, 08:39:33 AM by wraith808 » Logged

40hz
Supporting Member
**
Posts: 10,399



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #348 on: April 03, 2011, 08:49:17 AM »

@wraith808 - just out of curiosity, are you personally considering using OC?

If you don't mind somebody who goes "back *that* far" asking? Wink

Logged

Don't you see? It's turtles all the way down!
wraith808
Supporting Member
**
Posts: 6,085



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #349 on: April 03, 2011, 09:05:56 AM »

@wraith808 - just out of curiosity, are you personally considering using OC?

If you don't mind somebody who goes "back *that* far" asking? Wink



Wink

I hadn't been.  I hadn't even considered it until I started following Renegade's experiment.  And even now, I doubt I will- I used to write installers for a living, so I try to stay as far away from that as possible, if you hadn't noticed from my software.  Grin  It's just unzip and run...

(And I don't remember my first mainframe... but I think you might have me beat by a few years.  Not many though! smiley  Though fully qualifying it, I was pretty precocious when it came to computers, and my father being a professor helped to give me unusual access to hardware.)
Logged

Pages: Prev 1 ... 9 10 11 12 13 [14] 15 16 17 18 19 20 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.512s | Server load: 0.1 ]