|
|
MaxMenus may harbor spyware
On the 18th of September 2002 there were a number of posts of usenet saying Proteron had sent them threatening emails for illegal use of MaxMenus. Let me say first up that I do not condone copyright infringement , and if someone obtains software illegally they cannot expect the vendor to threat them with kid gloves. Nevertheless there are some points of concern-
First, more than one person said that they had received and email when they had not supplied that information to Proteron, so that apparently MaxMenus harvests this from the OS X configuration files. Secondly,I stand to be corrected but , if the software requires administrative privileges on install then appareneltly all security is lost that that time; The installer can read / write /delete the systems most important files. Thirdly, shareware vendors have a rough road to travel, but even so, the threat to get the offender fired from their job, in the posting below is, if correct, disturbing. From: Nikita <nikita2019@aol.com>[Editor's note: I put the post inside the blockquote to separate it from the comment itself...]
Interesting...
I just sent a rather detailed note to a number of contacts at Proteron asking for more information. As soon as (if?) I hear anything, I will definitely report the results.
Interesting...
Rob - I would be very interested to hear the results of your investigation.
Response received...
I received an email response from Sam Caughron, Proteron's President, today, and now firmly believe that Proteron is doing nothing about which I need to be concerned. According to Sam, in both his email and during a relatively long follow-up phone conversation, MaxMenus does not send any personal information on an immediate or scheduled basis when you install the trial version and/or register the program with a valid serial number (it sends the registration information, obviously, but even that is encrypted before being sent).
Proteron has taken some necessary steps to protect themselves from piracy, and Sam shared all of those details with me during our conversation. In the interest of not making it any easier for the pirates to get around those security protections, I will not share the details here. But I know enough about what Proteron has put in place to assure you that any information sent regarding a pirated serial number system is only that information which is available to any program, any time, through Apple's published APIs (and without requiring root access). Sam's willingness to answer my questions, both in email and on the phone, as well as the level of detail that he provided on MaxMenus anti-piracy measures, are signs that Proteron is trying to do the right thing for its customers while also trying to stay in business by reducing piracy. I respect that approach, as if you're going to upset anyone with your policies, it might as well be the ones trying to steal the product as opposed to those buying it! I have no qualms about continuing to use MaxMenus or any other Proteron product that meets my needs - I am confident that none of my personal information is being transmitted. I even ran etherpeek (a TCP packet sniffer) for a couple hours tonight just to see what was going out ... lots of stuff, but nothing related to Proteron that I could see. Registered users and trial mode users (30 days of full use, and then after that, only occasional "nag" reminders, so why would anyone even need to enter a pirated serial number to "test" the program?) should feel comfortable installing and using this cool tool; there's no "Dark Side" at work behind the scenes! -rob.
Response received...
Thanks Rob. Much obliged for your follow up, and relieved on the subject of 10.2 security. I dont have sympathy for people using illegally obtained anthing (although I agree with the arguments of RMS for not using the world "pirate"). Shareware vendors find it tough enough to get a return on their work without duplicate serial numbers gumming the pitch.
Response received...
Rob,
Still Unethical
I do NOT intend to condone software piracy, but something more insidious is going on here. Let me give you a real world analogy. If you steal something of mine and I KNOW you stole it, do I have the right to break into your home, search your belongings, and take back my property? No, I do not. That is taking the law into one's own hands; that is vigilante-ism. Proteron is NOT justified in stealing user's personal information whether they broke the law or not. This is a matter for the police. I do not accept the idea and am very concerned about the precedent that private interests can be defended by going beyond the law. Is there anything in Proteron's License agreement which alerts the user to the fact that his/her personal information is offered in the case the license agreement is violated? If so, is this a legal form of contract? People interested in preserving the values of freedom which exist on the Internet and in the world should be VERY concerned about this.
Still Unethical
Amen Brother Ultan. Vigilantism must not be tolerated. This is a good piece of software to boycott. The thought by the company that the innocent have nothing to fear is perverse. Only legal process can determine guilt.
Difference of opinion...
I feel that accessing information stored in publicly available fields is a far cry from breaking in -- a better analogy, in my opinion, is that I know you stole something, so I used the information in the Yellow Pages to locate you.
Publicly Available?
Nothing on my computer is "publicly available". If I go to my bank and withdraw all of my money in cash, then leave that cash on my front door step, you have still committed a crime by taking it. I may have been foolish in leaving it there, but you have no right to it. Any information available to programs through OS X API's is for programmers to facilitate MY use of that information. I have agreed to NO contract which allows that information to be accessed by companies and/or programmers.
Difference of opinion...
There is absolutely nothing wrong with the accessing of publicly available information; however, the is nothing that assumes that a program's author may use that information. The insidious thing here is that that information is LEAVING my machine without my consent. It should be clear to a purchaser what a program is doing on his machine. The analogy is not using a phone book to look up a number, the analogy is digging through a person's personal papers that he left on his front porch to obtain an unlisted phone number. If he really only wants to stop piracy then he should clearly state that he will harvest this information so that we may choose not to use his software. I should never be denied of the choice to not distribute my personal information. I always pay for shareware and never pirate software, but I never register either. Once I buy a piece of software the seller has no right to know what I do with it.
Difference of opinion...
Publicly stored? I don't know what you consider "public", but the contents of my computer, whether protected from intrusion or not, are nobody's business. The fact that this software retrieves ANY data from my computer that I did not explicitly authorize is a clear invasion of privacy regardless of the reason it is done.
Difference of opinion...
In my opinion, this would be a legitimate difference of opinion if, when one downloads MaxMenus, they are explicitly told up front that the software includes spyware that sends identifying information to the developer in the event that an inappropriate serial number is entered. Then I as a software user have the option of downloading the software on that basis. Does MaxMenus include such a warning? If not, why not? That warning would actually prevent people from using the inappropriate serial number, which is the only laudable objective that the developer should have. On the other hand, explicitly concealing that the software includes spyware serves the additional goal of 'busting' people that use an illegal serial. THAT's the difference between "protecting ones interest" (warning users, so that the illegal serial is never used in the first place) and "vigilante-ism" (busting them).
MaxMenus may harbor spyware
I would love to know what personal information is available to any trial-ware software program that I install. Does any one know the details? Thanks.
Specific or general?
Are you asking in general for a tool to find such data, or in particular about MaxMenus? If it's about MaxMenus, no data gets sent when you use the trial. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.15 seconds |
|