First off, I’m a DonationCoder supporter.
As a matter of fact, not only did I donate during the recent DonationCoder fundraiser, I also twittered about the campaign (
http://twitter.com/d.../statuses/1307938963). More than 50 people clicked that link and hopefully some % of them made a donation to DonationCoder. You can see the link stats here:
http://bit.ly/info/UhnDN . I’ve also been recommending ScreenshotCaptor (according to my archives) since 10/7/2005. That’s when the installer was 2,930KB. Although I think I’ve been recommending it longer than that. And yes, although I did activate my account here today, I’ve been around the forum reading it on and off for years.
Secondly, I’m OpenCandy’s Software Community Guru.
Little info about the type of user I am:
-I use a Hosts file (managed by HostsMan utilizing the MVPS hosts, hpHosts, Mike’s Ad Blocking Hosts and Peter Lowe’s AdServers List block lists). My hosts file contains over 170k entries of crappy sites. I even imported it into OS X as well using Gas Mask.
-I use the NoScript, QuickJava, AdBlock, Permit Cookies, Stop Autoplay extensions in Firefox. I basically always leave Java permanently disabled. When I go to a site I need to login to, I have to not only enable Javascript on that site via NoScript, I also have to manually allow each cookie individually in order to successfully complete logging into a site.
-I use a software firewall on Windows (currently Comodo) and OS X (Little Snitch). I don’t use one on Ubuntu.
-I have Windows Update disabled (not recommended for novice users). I manually download and test the patches that come out on Patch Tuesday before deploying them on my main computers.
-My favorite podcast is Steve Gibson and Leo Laporte's Security Now. I've been a listener since the first episode.
-I could go on and on, but I’m going to write a blog post about my user habits and security tips… Someday…
How I Discovered OpenCandyI first discovered OpenCandy on 11/22/08 when installing an update to MediaCoder. I twittered about it here:
http://twitter.com/d.../statuses/1018127759. I made a conscious decision that day to allow Comodo to permit MediaCoder to connect to the internet. Even though I had never seen MediaCoder ask to connect to the internet, I permitted it simply because if I figured that if I trusted the developers of MediaCoder enough to install their software, then I ought to be able to trust them enough to let their installer connect to the internet. And I’m glad I did, because not only did I discover OpenCandy (which, 3 months later, afforded me the opportunity to interview with them to be their Software Community Guru), I discovered an awesome way for regular users to discover great software. Whereas I have personally introduced hundreds of regular people to great software, OpenCandy is a way to introduce millions of people to great software!
Those Divx Guys and My Life as a User AdvocateI’m not going to defend what some of the colleagues did while at Divx. Because I was one of the people who spent in inordinate amount of time removing the crap that Divx installed. Actually, out of the last 9 years, I’m confident in saying that I’ve spent at 2 hours a day, Monday through Sunday removing malware, adware and spyware from user’s systems. I do it for free (for those who can’t afford to pay) and I do it as a paid IT consultant (to home users and small businesses). So I’ve spent the equivalent of 273 days removing malware from systems. Heck I haven’t even been alive for 11,000 days. So approximately 2.5% of my life I’ve spent removing malware! (WOW! Now that I did the calculation and see it in writing… it’s sad.) That doesn’t include the unfathomable amount of time I’ve spent setting up Windows systems and securing them.
When I was interviewed by the OpenCandy team in February, I let my displeasure with what Divx bundled be known. And you know what? Those that were involved knew they made a mistake… and had no problem saying so. EVERYBODY makes mistakes... just NEVER make the SAME one TWICE. They didn't... What they learned at DivX allowed them to identify an opportunity to democratize software distribution so that ALL developers and ALL users could benefit. So they embarked on a mission and created a vision to do just that... the RIGHT way. And they (we) have built something that is not only beneficial to the developer community (they can increase distribution, make money or both), it’s really beneficial to users (users get to discover great software via recommendations by developers of applications they trust).
OpenCandy, Not Adware, Nor SpywareAdware: NO. Definitely not. According to the generally accepted definition of adware (via Wikipedia):
“Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software.”Spyware: NO way, Jose
Wikipedia’s definition of spyware:
“Spyware is computer software that is installed surreptitiously on a personal computer to collect information about a user, their computer or browsing habits without the user's informed consent.[1]
While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.” That’s certainly not anything that OpenCandy enables or would EVER take part in! (I wouldn’t work for a company that did… I wouldn’t be able to sleep at night.)
OpenCandy’s AnalyticsThis is probably a good time to address the analytics side of the OpenCandy network. The analytics that we provide back to our publishers (those who recommend other software using OpenCandy) includes NON-PERSONALLY identifiable information such as the user’s country, operating system, operating system version, operating system language, and when the software is installed (and optionally, if it is uninstalled). This information is aggregated in daily intervals and individuals are NOT identifiable (see more below). That’s it.
Some facts about OpenCandy Recommendations-OpenCandy powered recommendations are OPT-IN. And I don’t mean “opt-in” (or as I call it "opt-tricky") in the sense that you have to careful where you click, I mean explicitly and clearly, OPT-IN. The recommended software doesn’t install unless the user clicks “Yes, I WANT to install that!”
-Developers choose what software they want to recommend. That's (what I think) is the real beauty of how OpenCandy works.
-OpenCandy’s technology has ZERO functionality outside of the software installer that it is integrated with. Period.
-Here’s what OpenCandy knows about "you": A Windows (XP, Vista, whatever) computer residing in the United States (or some other COUNTRY, yes just COUNTRY) accepted or declined an OpenCandy recommendation. That's orders of magnitude less than Google knows about (the actual) you through Google Search, Adwords, Adsense, Doubleclick cookies, etc...
What happens when a developer wants to participate in the OpenCandy network-I check the Hosts file providers to see if a potential developer that wants to participate in OpenCandy is on those lists.
-I check McAfee SiteAdvisor and WoT.
-I check the potential publisher’s and advertiser’s installers using Virus Total.
-I check antispyware forums to see if user’s have any issues with the software.
-I look at the company’s business practices in general.
In addition, our software guidelines (which we be available soon for all to see) were built on top of AND further enhance policies created by Download.com, StopBadware, and the Antispyware Coalition. As well as our own ideals…
We do make software of our own. Our recommendation engine and client is built by a fantastic team of software engineers. And we offer that engine for free. If you just want to recommend other software for free, you can do that with OpenCandy. We still have to spend the man/woman power to audit your software from a privacy/security standpoint before inclusion in the network, configure the pool of applications you want to recommend, create the recommendation screens, test the installer to make sure it works properly, and a slew of other tasks.
Yes, it’s true, we DON’T create our own software to distribute opt-out toolbars to “make millions”, that’s not why OpenCandy was started and certainly not anything we will ever do. In the future, we MAY create software that provides value to users that doesn’t currently exist today. But you won’t see opt-out toolbars in it.
It’s kind of presumptuous to say that we took the easy way, when in fact nothing could be further from the truth. It’s takes a lot of people-power to build, maintain and continuously improve on what we are doing.
On top of that, I like to mention that we don’t take other people’s hard earned work and slap OpenCandy on it. Developers decide for themselves if they want to participate in OpenCandy. They can also change who they want to recommend at any time.
On another note, right now as I type this, there is a shady download site that takes open source software, wraps them in a funky installer and shows screen after screen of opt-out junky (or at least of very little user value) software… In addition and to throw salt in the wound, this site buys Google Ads using the open source projects’ names to trick people into going to their site to download THEIR bastardized/crapified versions of open source software. NOW THAT IS WRONG!
Old Fashioned Way?Personally I’m not a fan of toolbars (the only one I use is Groowe in Firefox, but I do have the Windows Live toolbar installed in IE). Historically the reason I’m not a fan is because I’ve spent too much time removing toolbar after toolbar from someone’s system who didn’t intentionally install it in the first place. Yes OpenCandy’s network and technology will be used (actually it already is) to distribute toolbars. The difference is that the CHOICE to install the toolbar or not is right there for the user to decide. I don’t inherently think toolbars are bad… I inherently dislike anything opt-out. And toolbars are (currently and likely to remain) a small % of recommendations in the OpenCandy network. And besides, as I said, they are clearly opt-in.
Web Privacy, User Privacy, Software RecommendationsWhen you surf the web, every site you go to, without explicit user permission, is, at least (temporarily) logging: Your IP address, what browser you used, the browser version, operating system and version, where you came from (and if you came from a search engine, which search terms you used) and sometimes (depending on security settings or lack thereof) other sites you have browsed during your session. There isn’t any choice there, if you surf the web that’s the way things are. And soon, all software installers will be the same way. But this can either be done the right way (not obtaining or storing personally identifiable information) or the wrong way (blatant flaunting of exploiting user privacy and sharing personally identifiable information with any number of unrelated third parties). We chose the right way. Right now we are the minority. But my hope is that what we are doing fundamentally creates a foundation (and changes the current ways of which) developers generate revenue from recommendations. We are either going to be successful and show the world how to do this the right way or watch the real predators (I’m not naming names) destroy the relationship between developers and users.
I don’t consider any other company currently doing advertising during software installations a competitor. For the simple reason that they do it in a way that is disrespectful to users (opt-out software of little value). And they try to obfuscate the fact that the additional software is optional (by placing the Accept button where the Next button should be).
You can still install software that integrates OpenCandy and not see a recommendation… It’s the same as using an ad blocker in your browser, except in this case you use a software firewall to deny access to the internet for the software you are installing.
Also, some open source developers (that participate in OpenCandy) are still producing an installer-less version of their software, which means you can still install their application without ever seeing an OpenCandy recommendation.
Would you rather have another opt-out browser toolbar trying to push it's way onto your system or have a recommendation for a piece of software that a developer you trust (you trust them enough to install their software) loves? Especially when that recommendation is made in an easy to understand, non-sneaky, user-centric, opt-in manner?
That’s what I don’t understand about the Sun & Opera comment. Basically it says that #1) only big companies should be able to recommend software and #2 that it’s okay that they do it opt-out.
We provide technology and a moderated network that any size developer, project or company can use (for free) to recommend software they love in a user-friendly way.
Believe me that when I say I had no idea how much money was around for people willing to bundle opt-out (or opt-tricky, those who put the Accept button where the Next button should be). If we wanted to, we could just go that route and be immensely profitable already. But that’s not what the founders of OpenCandy envisioned and that’s definitely NOT what I signed up for. I need to sleep at night and I can because we chose, instead, to create valuable to the whole software ecosystem (developers and users). We’re a small startup trying to make good things happen in the worst economic climate since the Great Depression.
I joined OpenCandy for a few reasons, but none more important than because I believe we can change the software world for the better. The fact that somebody (anybody) residing in a country with less opportunities than the US, armed with nothing other than a PayPal account and a desire to create a great piece of software, can give it away for free and make money recommending other software they love (via OpenCandy) is, to me, an absolutely INCREDIBLE thing.
Venture Capital & Capitalism (GASP!)We are in business to help developers get more visibility and make money, if they chose to do so. It's a key part of enabling our vision of helping developers innovate and create better, more competitive products. By doing so, consumers benefit by having better products available to them. That's our vision. We limit our ability to help developers accomplish this if we can't help them gain visibility and/or make money.
Money also means that we are able to give back the software community at large. As a matter of fact, I just got back from Montreal a few days ago. We sponsored the Libre Graphics Meeting (aka LGM).
LGM is where the developers of open source graphics applications (Gimp, Inkscape, Hugin, Scribus, Blender, etc) get together once a year to discuss their software, solve problems, plot a course for where their projects are going, socialize and more. I also got to speak at LGM. I encourage anyone (who is STILL) reading this who wants to find out more about the type of person I am to watch my talk called
“Open Source & Money: Not Mutually Exclusive”. It’s not your typical (read: boring) PowerPoint presentation. Heck, it’s not even really about OpenCandy (I didn’t say anything about OpenCandy during the presentation; instead I let the audience decide if they wanted to ask about OpenCandy during Q&A... they did, it was OPT-IN!). It’s about the fact that life is short, be passionate, build something of value to the world and leave a real legacy.
What about Me?I’m paid by OpenCandy to wear many hats. It includes community outreach, talking to developers, learning from users, auditing software that wishes to participate in OpenCandy (both as publishers, those who recommend and as advertisers, those who wish to be recommended) to make sure they adhere to our guidelines, speaking at conferences, rewriting our website to accurately reflect our mission/vision, talking to developers of applications I LOVE about participating in OpenCandy, and a whole bunch of other things...
I know this is an incredible long post on a forum. I didn’t expect to wake up this morning to a Google Alert about OpenCandy being raked over the proverbial coals. On the whole I’m really glad to have this discussion, especially in the open for all to see and debate. So ask me anything, here, or via email. And if you decide that I’m a decent person after all, you can
follow me on Twitter. There you can find me tweeting about
great software and trying to
help people solve tech issues (hardware/software).
Thanks
Dr. Apps / Andrew
OpenCandy
Software Community Guru