It seems like there is a lot of getting hung up on terminology here. Which is ironic because one of the most important points made here - by 40hz - is that the meaning of words *is* important and is being potentially subverted here by OC. On that point I have some concern myself. Nonetheless I think whether something is "installed" or not is ultimately tangential to what is at issue here and of actual concern. After all, I'm sure Wraith would not argue that a virus that simply loads itself into memory and formats your hard drive without ever "installing" anything is ok simply because it's not being "installed" (and neither would anyone else I'd wager
). So using "installed" as a measure of trustworthiness, safety, or anything else that is really of concern here is not really useful.
So what's really the concern here for those who are uncomfortable with OC? Well, there's certainly the association with adware and spyware of the past. But I happily ran CrashPlan in ad-supported mode for some time, and if I hadn't needed backup sets and wanted to use their online storage, I probably would have continued to do that. I've also used several other ad-supported apps. I don't mind them in principle. Do others here who are objecting to OC's system fundamentally reject all adware? If not, it's an interesting and important distinction.
Spyware, on the other hand, I do broadly reject, at least where I'm aware of it. So what exactly is spyware? The common understanding is it's software that collects information about you and sends it back to a controller, presumably a central server somewhere, for some unknown and unstated purpose. I am *still* unclear on whether OC is doing this, but my understanding from reading this thread is that *yes*, they *are* doing this, in that information is going back to OC. The problem then, at least in my view, is that data is being collected from a position of potentially elevated permissions vs. a web browser (in most cases a browser is not able to see what software you have installed, for example) and *no* disclosure is being made of that. Yes, websites do this all the time, and I'm not happy about that either, yet I continue to browse the web. But for those that have concerns about this sort of thing, there are also common tools available to block this kind of behavior. A good incoming *and* outgoing firewall will catch what OC is doing, as NOD apparently did, and warn the user, allowing them to block it. So tools are available to handle this situation is well. Nonetheless the elevated position that OC is in as far as access to my system in my opinion demands an elevated level of communication regarding its activities.
Let's keep some perspective here though. This does not need to be stated in scary terms in order to avoid being seen in a bad light. I believe OC could require better communication of its activities through its partners and their installers while not necessarily reducing opt-in significantly. Here's an example:
"This installer is powered by OpenCandy! As part of a free service, OpenCandy will check your system for potential software upgrades to improve performance and capabilities. This check will collect basic non-personal information about your system and store it securely on our servers. If you'd like to decline this service, simply uncheck the box below." That's 30 seconds of thought put into the wording; a good marketer could do a lot better, keeping the important information will making it more appealing. That's what marketers do, and that's ok.
They could even make it a bit more controllable and potentially get more customers by doing something like this: "...This check will collect basic non-personal information about your system and store it securely on our servers. If you'd prefer not to have your information sent to our servers, we can still perform a local check and offer some recommendations if you select the "local check" radio button below. You can also choose to decline this service by selecting the "do not check my system" radio button." In a situation like that I might still opt-in to the local check.
Adding a sentence of info about OC's service helping to support developers might also be a good thing, depending.
In the end I think the problem 40hz has, and which I share, is that OC is not very open about what it's doing, and in some/many cases even seems to be completely unmentioned in the equation (e.g. the offer appears to be coming from Microsoft for installing IE9, with no mention of the fact that OC brokered the deal). Disclosure is a big deal to many people.
All this being said the average person doesn't give a crap.