What the hell is OpenCandy?

[cmpm]

@mouser

this is the file in a 'opencandy' folder
same file in each folder

[cmpm]

The only registry entry i could find.
And I think he responded well to most of the questions.
I think some he doesn't know the answer to, which is frustrating on both sides. He is a salesman mostly, not a tech, nothing wrong with that.
Like the webpage is selling OC not every technical aspect of it.

It's the mixing that is happening between sales and users that happens. And sometimes there is friction. I thought he handled my crap well anyway, from what he knows.

[kartal]

This is about the time when andrew is probably regretting he ever joined in this discussion, since answering the posts in this thread has become a full time job for him 

If it's any comfort -- i do think the thread is an overall positive thing for OC -- in letting you explain the workings of it to people who might be initially skeptical.  Not everyone will like it, but at least this thread will be a place they can find out more and see both sides discussed reasonably.

-mouser (May 16, 2009, 08:19 PM)

word up

[mouser]

As cmpm confirmed -- it's just an extra dll that the setup program loads.

Which is how i assumed it worked when andrew explained that OC can be integrated into Inno Setup and NSIS Installers.  And that's really a very clever, non-intrusive way of doing it, which i think should be applauded.  Much of the resistance from people on this thread may result from the fact that people assume that OC is installing some standalone program that is running in the background, etc.

Really OC is not doing anything all that different from what many installer tools from larger companies *already do* (i.e. show some blurbs during installation, offer to let people download another related program from the company, etc.); OC just seems to offer an easier and standard way to do this for the developer who is creating the install package.

I think it's pretty clever actually.

[The sending of information to the OC server, while harmless in my view, especially compared to what info websites track every day, is one reason that i personally wouldn't use OC though.  Not because i think it's evil to collect such information, but i just don't think it's worth the nervousness that it causes people.  Though if you made it opt-in to send the info, but let users uncheck the option, that would mostly solve that.]

[kartal]

[The sending of information to the OC server, while harmless in my view, especially compared to what info websites track every day, is one reason that i personally wouldn't use OC though.  Not because i think it's evil to collect such information, but i just don't think it's worth the nervousness that it causes people.  Though if you made it opt-in to send the info, but let users uncheck the option, that would mostly solve that.]

-mouser (May 16, 2009, 09:26 PM)

mouser do not you think there is a big difference between web-medium and desktop medium? These are not blurred as much as some wants and I personally would like to keep things seperate. Because websites have ability to track does not mean installers should do the same. This is like public place vs private property. Web=public place, desktop=private property, and I feel like entities like OC does not want to respect that at all.

[mouser]

well i agree in general with what you are saying -- i don't want to see desktop applications start to do all kinds of tracking like websites do.. that would be horrible.

but it's just hard for me to get upset by the idea of an installer telling a server when a user chooses to install a recommended additional program or not.. of all the privacy concerns this is just really really low on my list of concerns.

having said that, like i said before i personally wouldn't use an installer that connected to a remote server to send information -- just because regardless of how harmless it is, i wouldn't want to risk alienating users.

[rgdot]

I agree with the overall assertion like mouser posted and I alluded to in this thread. The result for the end user is very little different than tool bars and the likes that come with multitude of downloads. OpenCandy is offering a secondary mechanism behind the scenes that manifests itself a bit differently for the user. Of course as suggested it is better if the end user can refuse the OpenCandy registry/folder stuff but really the difference between existing software 'bundles' is not all that much.

[mouser]

i'm inclined to view the toolbar bundles as much much worse.  first, they are often opt-out (that is, checked by default) -- which is EVIL.  second, these toolbar things incorporate themselves into other programs (browser, etc.) and can be more difficult to uninstall.

[rgdot]

@mouser, in that sense you are right, I mean Yahoo messenger installed the toolbar for me even though I clearly unchecked it. So yes there are sneaky ways to get the stuff in or make uninstall difficult but when you are given the choice at install to accept or unaccept and your choices are followed then the difference is not much, the way I see it.

[kartal]

ok here is my bet, I am putting my 100$ if anyone wants to bet on it.

I am %100$ sure that in 2 years OC will become an application that will try to install hidden stuff and spy on your download-installation activity. If anyone wants to bet I am accepting bets. Since we do not want to gamble lets keep the amount not more than 100$.

[mouser]

lol -- it's not enough to criticize what they are doing -- you have to invent predictions of what evil stuff they are going to be doing in 2 years and criticize that? 
i think we are getting carried away here.

[kartal]

well If I predict what they are going to do in the future, they will give up those intentions since they will be exposed earlier:) I am serving a good purpose here

mouser you are right. To be fair I do not know who they are, what they are up to ,what they will do in the future. My own prediction of their future activity is personal assumption based on patterns displayed by others, so it is unfair to display such judgement maybe. But how do we make sure that this stuff wont turn into more dangerous than what it is now? My problem is that generally speaking people overall do not understand or do not care about these kinds of stuff so these practices become daily applications, they become norm, people accept them and move on. In reality they should not be a norm, they should not be accepted such easily.

I just would hate to see my favorite applications adapting to this service one by one. Although if they do I would just drop them, no exception.

[mouser]

i think it should be pretty clear by now that if OC start to make some evil changes  -- you can be we will all be screaming bloody murder here on this forum

[kartal]

Well then my task on this planet is done for now

[app103]

Here is the install screen from my next version of Instant Boss.

Since advertising in installers is now considered acceptable and not obnoxious, I figured I would recommend some product I like.

I have teamed up with a company with a proven track record of abusing the trust of everyone. But don't worry, the founder of the company says he saw the light and he is all reformed now.

He says he won't use any info collected for evil purposes like he used to.

I trust him, because the guy that he sent to talk to me seems like a likable guy, and that is what is really important. Whatever the nice guy says about him must be true and his motives must be pure & honorable, just because the nice guy says he believes it.

Of course I don't have any proof that the nice guy is telling the truth or that he believes what he is saying, himself, but I am going to just trust him any way, even though I think the founder of the company should have gone to jail for a long time for what he did with people's personal information.

I hope you like my recommendation.



</sarcasm>

[drapps]

@mouser
"...or is it just a dll/library that is part of the installer and only runs during installation and uninstallation?"

Yes, that's exactly right.

@mouser
"This is about the time when andrew is probably regretting he ever joined in this discussion, since answering the posts in this thread has become a full time job for him  huh

If it's any comfort -- i do think the thread is an overall positive thing for OC -- in letting you explain the workings of it to people who might be initially skeptical.  Not everyone will like it, but at least this thread will be a place they can find out more and see both sides discussed reasonably."

Haha. Nah, I don't regret it at all. Sure, it's taken quite a bit of time though But it's helped me confirm I made the right decision to join OC, because through explaining what we are doing I've gotten some positive feedback from people, that, on the whole, are just like me... security and privacy minded techies.

@cmpm
"He is a salesman mostly, not a tech, nothing wrong with that."

Fair enough, I'm part salesman. I've been selling myself as well as inanimate objects since I was 12 years old. It started with comic books and baseball cards, then burritos, then financial plans because I believed in trying to help people create a legacy, then IT services to help secure Windows machines for small businesses and home users. And now I'm with OpenCandy because I believe our technology will help fuel innovation & competition in the developer community which in turn will benefit the user community. And I'm proud that we do it in a way that doesn't trample over user's privacy and rights.

I'm definitely a tech (techie), but I'm just not a developer, programmer, coder or engineer (guess those terms are relatively interchangeable). I've personally asked pretty much every question that has been asked on this thread before I accepted my position at OpenCandy. I've asked it to our engineers, our business development team, our founders, and everyone else. I've digested it and I'm putting it out here as best I can in the terms that I'm most familiar with. Of course, if I haven't answered a question (technical or otherwise) clearly enough, please let me know.

@mouser

As cmpm confirmed -- it's just an extra dll that the setup program loads.

Which is how i assumed it worked when andrew explained that OC can be integrated into Inno Setup and NSIS Installers.  And that's really a very clever, non-intrusive way of doing it, which i think should be applauded.  Much of the resistance from people on this thread may result from the fact that people assume that OC is installing some standalone program that is running in the background, etc.

Really OC is not doing anything all that different from what many installer tools from larger companies *already do* (i.e. show some blurbs during installation, offer to let people download another related program from the company, etc.); OC just seems to offer an easier and standard way to do this for the developer who is creating the install package.

I think it's pretty clever actually.

And, at least with OpenCandy, you DON'T have the classic: Click Next -> Next -> Next -- "OMG! How did I get BrandX toolbar?"

@kartal

ok here is my bet, I am putting my 100$ if anyone wants to bet on it.

I am %100$ sure that in 2 years OC will become an application that will try to install hidden stuff and spy on your download-installation activity. If anyone wants to bet I am accepting bets. Since we do not want to gamble lets keep the amount not more than 100$.

I'll bet $100 against that. It'll never happen. We will NEVER install hidden stuff or spy on people.

@mouser

"i think it should be pretty clear by now that if OC start to make some evil changes  -- you can be we will all be screaming bloody murder here on this forum "

Amen to that! I'd be here screaming bloody murder too because I'd leave the company in a heartbeat if that ever happened (which it won't).

@app103

"I have teamed up with a company with a proven track record of abusing the trust of everyone. But don't worry, the founder of the company says he saw the light and he is all reformed now.

What company has a proven track record of doing that? Certainly not OpenCandy.

The business decisions that were made at DivX were made and done... at DivX. This is about OpenCandy. Our business decisions are driven from our vision (which I've covered extensively in my other posts on this thread) and our mission is to carry out that vision in a user-centric and user-friendly way that provides a measurable value to users (discovery of great software).

And regarding what DivX did (which I said I didn't approve of), they stopped doing it in 2004.

@app103
"I trust him, because the guy that he sent to talk to me seems like a likable guy, and that is what is really important. Whatever the nice guy says about him must be true and his motives must be pure & honorable, just because the nice guy says he believes it.

Of course I don't have any proof that the nice guy is telling the truth or that he believes what he is saying..."

The proof about what I'm saying about OpenCandy is being verified (in real time) by people like @mouser and @cmpm.

The proof that I believe what I'm saying...is that I'm saying it. Just like the proof that you believe what you are saying is that YOU are saying it.

I didn't blindly believe what the folks at OpenCandy told me previous to, and during my interview. I did research, I asked the hard questions. I wanted to know that joining OpenCandy (if I was hired) actually aligned with who I am as a person (which at the end of the day is a user advocate).

@app103 If I ever see you broken down on the side of the road........................................ You guessed it. I'd be the person that stops to help... and yes, I'll still help even if it's you!

Off-topic: I started a thread entitled "What makes an application "useful"?" at https://www.donation...ex.php?topic=18350.0 Check it out and share your thoughts.

Thanks again everyone.

Dr. Apps

[kartal]

Well,

The thing is that OC installs itself(in the program directory as dll and in the registry) and does not tell the user about it even if the user does not want to install the recommended software, based on my experience. I do not know why you keep claiming that you wont do anything bad or wrong but in my standard this is bad and wrong. Because first of all most people wont know that OC is included in the installer of the application until they open the installer. Second most people wont even have any idea what the heck a dll or registry is. Clearly you are targeting this majority of people and I believe this might be called an abuse of trust that is shown by those people who though that would just get a free application. You need to make it explicit.

I just cleaned up couple OC registry entries that should not be there in the first place(I think they came from Miro) .Please refrain from such unpleasant behaviours and make sure that the applications that are in your ring clearly points out that they are part of OC network.

[PhilB66]

I asked a similar question some 70 posts ago.... https://www.donation....msg164050#msg164050

[PhilB66]

LOL app103 

"Mama use to tell me
Don’t take candy from a stranger"

[mouser]

The thing is that OC installs itself (in the program directory as dll and in the registry) and does not tell the user about it

I don't mean to keep posting here, but a couple more thoughts:

• First, if you are unhappy about something -- it's not OC you should be upset with, it's the author of the program who decided to use the OC library/api for his or her installer.
• Second, the standards you guys are asking for would amount to all authors "warning" people about all the DLLs and helper libraries every used in any of their programs and installers.  That is just plain silliness.  There is something inherently bad about programs that silently install background processes/toolbars/etc., but this is *not* anything like that.
• Third, what you could possibly *reasonably* focus your ire on is the idea that the OC DLL sends info to their server about the users decision to install or not install the recommended program.  As i've said it seems pretty trivial to me on the privacy invastion scale -- but at least one could make a case for the fact that the user should be warned about this beforehand and given a choice.

In other words -- I really think its misdirected energy to be complaining about the abstract concept of using a DLL in an installer -- there is just nothing to complain about regarding such a trivial everyday thing.  And I don't see why anyone should care if an installer makes an opt-in recommendation to a user about another program that the author wants to recommend.

I do think this thread may be helpful to OC in one way -- it's clear there is some resistance to the concept.  Andrew it may make sense to talk to OC people and find out how badly they really need that information sent back to the server (especially when user chooses not to install), and drop that feature (or make it opt-in) if it's not so essential an aspect of the idea.

[wraith808]

Well,

The thing is that OC installs itself(in the program directory as dll and in the registry) and does not tell the user about it even if the user does not want to install the recommended software, based on my experience. I do not know why you keep claiming that you wont do anything bad or wrong but in my standard this is bad and wrong. Because first of all most people wont know that OC is included in the installer of the application until they open the installer. Second most people wont even have any idea what the heck a dll or registry is. Clearly you are targeting this majority of people and I believe this might be called an abuse of trust that is shown by those people who though that would just get a free application. You need to make it explicit.

-kartal (May 17, 2009, 10:02 PM)

Installshield (and several other installers) do the same thing.  How is this any different?

[kartal]

Installshield (and several other installers) do the same thing.  How is this any different?

-wraith808 (May 18, 2009, 12:22 AM)

Install shield does what?  Does it install secret advertising network dlls?

The thing is that OC dll is irrelevant, it is not needed to run the application, thus it is irrelevant. Irrelevant dlls, exes etc should not be installed with an application. I am not sure why some of you think that it is ok to install irrelevant dlls, but this is not ok to me. And that is why I am stating my opinion and informing those who have no idea. I am the one opened this thread, if it was not to me most of you had no idea either. I do not think I should be the one who is picked out here.

wraith808, if you tell me what installshield does, I would evaluate what it does and start my crusade against installshield as well. At least I would stop using applications that comes with installshield.

I also would like to state that I do not think the way most of you think in certain cases. For example I do not carry the "but everyone does" logic. I really do not care if everyone does or not I just look at the case and bring it on the table, dissect the matter and make my informed desicion. IF you want to inform yourself based on what others does go ahead but "but everyone does" is neither scientific nor any debatable standard. 

[mouser]

I don't mean to be picking on you Kartal -- everyone is entitled to their opinion. 
Furthermore, i've said it before and i'll say it again -- all of us are better off because of the people who are always keeping an eye on and calling out companies when they try to go too far.

Wraith's point though is a good thought experiment for those who are up in arms about the OC DLL.  Think about this:

*ALL* of the major installers (Installshield, Wise, Inno (which i use), NSIS, etc.) can *ALREADY* do what OC is doing.. That is.. they have the functionality to show billboards (adverts) and links to download and install an additional program if user requests it, and even send information over the network.  And all of these tools put a helper .exe that gets installed with the program that aids in uninstallation.  So i'm really not sure why putting these functions into a DLL rather than the main installer helper exe would be something to get upset about.

Again -- if you want to get mad about what an author chooses to *DO* with the OC tool, and you are upset about information being sent over the internet, fine.  But i just don't think it makes sense to get upset about the fact that there is an extra DLL that got installed in the program directory.

[kartal]

mouser, I did not think that you were trying to pick on me. But the way wraith808 laid his cases sounded like he wanted to ridicule the idea little bit. I do not have any personally issues with any personality on this board

I think everyone said enough of their opinions regarding OC case including myself. All I did was trying to inform people.

I would stop watching this thread from now on because I really do not have anything to add for now. But I will add any bad behaviour that OC might implement in the future to this thread later, again to inform people.

[app103]

Second, the standards you guys are asking for would amount to all authors "warning" people about all the DLLs and helper libraries every used in any of their programs and installers.  That is just plain silliness.  There is something inherently bad about programs that silently install background processes/toolbars/etc., but this is *not* anything like that.

-mouser (May 17, 2009, 11:38 PM)

Please do not to mislead people into thinking that everything that is a .dll file is harmless and nothing to worry about.

Not all .dll files are created equal. Not all applications are .exe.

There are a great many things in this world that are "just a DLL" and nothing to worry about.

There are also things that are a .dll that are a lot more than that. Every IE toolbar is a .dll, including my IE clock and the DC Search bar.

I am not saying that OC's .dll is anything evil like an unwanted toolbar, or even a full application capable of doing anything after the install. But if it is harmless and not capable of doing anything, what would be the reason for leaving it and any registry entries related to it on a user's system after the install process is completed, unless it is to activate and/or retrieve other data later, such as the next install of anything containing OC? This could very easily become a system capable of tracking your software in much the same way wakoopa does, only wakoopa's tracking of this nature is completely opt-in, with the user having full knowledge of what is going on and what data is being collected. Even without the .dll file being left on a user's system and just the registry entries, a lot of data can be collected without the user's knowledge or consent.

The data collected this time might not be the same as they collect next time, concerning whether you accept or decline in that one instance.

Let's say I install something containing OC and decline the recommended application. Then the next time because of the stuff they left on a user's system, they know what I previously installed, so they don't offer me that, and they know what I declined and won't offer me that again, either. After awhile, after a sizable portion of the world's developers are using OC in their installers (which is what they are hoping for), it would be possible to gather a pretty large list of what a user has installed on their system and what they are not interested in, in a single shot.

Your software profile grows with every OC enabled installer you use and the amount of data they know about you and your software installing habits also grows. Combine that with the data they can collect from your IP address when it contacts their servers, and they can pretty much know where you live, your connection type, what ISP you use, whether you install software at night more than during the day, on weekends rather than during the week, and a ton of other statistical data about you,too. Even without knowing your actual identity and precise street address, they can know a lot about you. This is what is not told to the user, and it's this type of information collecting the user doesn't know about and hasn't consented to.

This is like placing non-expiring tracking cookies in your registry....the kind that make the old doubleclick look like angels.