"The thing is that OC installs itself(in the program directory as dll and in the registry) and does not tell the user about it even if the user does not want to install the recommended software, based on my experience."
"I asked a similar question some 70 posts ago.... http://www.donationcoder....18297.msg164050#msg164050"
The fact that not ALL
"Let's say I install something containing OC and decline the recommended application. Then the next time because of the stuff they left on a user's system, they know what I previously installed, so they don't offer me that, and they know what I declined and won't offer me that again, either. After awhile, after a sizable portion of the world's developers are using OC in their installers (which is what they are hoping for), it would be possible to gather a pretty large list of what a user has installed on their system and what they are not interested in, in a single shot."
OpenCandy's recommendation engine doesn't function to build a database of what software people have installed on their system. It's function is to make a "good" recommendation. So if 90% of computers install "Bob's Bodacious Biorhythms" software when it's recommended by "Julio's Horoscope Creator" then statistically we (and Julio) are probably making a "good" recommendation. The inverse, if "Joe's Awesome Task Manager" recommending "Frank's Fantastic File Syncing Tool" results in zero installs then it tells us that "Joe's Awesome Task Manager" should look into recommending something else.
"But if it is harmless and not capable of doing anything, what would be the reason for leaving it and any registry entries related to it on a user's system after the install process is completed, unless it is to activate and/or retrieve other data later, such as the next install of anything containing OC?"
The OC dll is also called during uninstallation.
We provide (aggregate, non-personally identifiable) statistics back to publishers about installation and uninstallation of their software. The idea being that anonymous statistics like (a high percentage of) uninstallations can help a developer recognize if something needs to be fixed, changed, enhanced in their software (though they're going to have to reach out to their users to find out the actual reasons).
"Combine that with the data they can collect from your IP address when it contacts their servers, and they can pretty much know where you live, your connection type, what ISP you use, whether you install software at night more than during the day, on weekends rather than during the week, and a ton of other statistical data about you,too. Even without knowing your actual identity and precise street address, they can know a lot about you. This is what is not told to the user, and it's this type of information collecting the user doesn't know about and hasn't consented to."
"Why is it I had to point out what is installed where? And not OC's webpage."
We are currently in the process of re-architecting our entire website. Currently it has ZERO flexibility to work with content. Also, previous to me being hired at OpenCandy there wasn't a single/central person (who had time and was responsible for) getting content/information on the website. So a lot of the information I've provided here will be available on our website as well.
"What exactly is that dll doing in it's own folder as well as other programs, after the install, nothing? Is it waiting on input? Is it sending anything anywhere?"
"No, Dr apps I don't see you as a tech, as in computer technician.
Unless you are just not saying. Cause you haven't said anything that leads me to think that you know much more then anyone with google and some scanners."
I am. It's what I've been during for years. This thread hasn't afforded me the opportunity to prove my "geek cred". But I'm around (on Twitter, now here, and hopefully I'll launch my new blog soon)... So, there will be plenty of opportunities for me to share my tech knowledge.
"And most troubling is the lack of willingness to disclose the users of OC. If it's so great then why is it not revealed before installs. There's other questions not answered
Answered above in response to @app103. ALL Publishers MUST disclose OpenCandy via their EULA. Publishers are free to decide for themselves if they want to talk about OpenCandy on their websites (though we encourage them to blog/inform their community about us!), some of them already do (I linked to some, a bunch of posts back). Also, we have "Powered by OpenCandy" on every recommendation screen and we have a link to our site in the downloader. I also mentioned earlier in this thread that we plan to have an OpenCandy link (and possibly a link to specific information about the recommended program) in the recommendation screen but due to technical issues it hasn't been implemented yet.
Also, if anyone wants to check out our SDK and documentation, it's available here: http://www.opencandy.com/participate/
(I didn't link to the direct download of our SDK because when it's updated the file name changes).