opencandy

  • Question
  • Updated 8 months ago
Miro installed a software package on my system (OpenCandy) and I did not give permission for this backdoor behaviour. I do not permit packages to submit other software without my knowledge and consent. When I de-installed Miro (and I will leave it de-installed until this issue is resolved), the OpenCandy package appears to still be there:

Top-level folder: c:\OpenCandy
Entries in the Registry.

Please acknowledge that you included this software and let me know how to remove it.
Photo of

  • 3 Posts
  • 0 Likes
  • upset

Posted 6 years ago

  • 5
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hi Ripwit,

I'm sorry about this. OpenCandy is a a software recommendation engine that we added recently in order to suggest other free and open source software to our users. You can find out about the organization at www.opencandy.com.

I wasn't aware that it permanently left their recommendation engine on the user's machine after running it. We'll look into that right now and fix it as soon as possible.

Thanks for pointing that out,
Jesse
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hi Ripwit,

I spoke to the folks at OpenCandy and they're aware of the bug and working on it. We'll be pushing out a fixed version soon.

Cheers,
Jesse
Photo of

  • 3 Posts
  • 0 Likes
Thanks for your rapid replies. I'll look forward to a solution. I certainly didn't want to imply that I wouldn't opt-in for this service, I just need an explicit opt-in and a way to de-install. Thanks!
Photo of

  • 2 Posts
  • 1 Like
OK, looks like I've been stung too!

I am surprised and shocked (perhaps I shouldn't be) that Participatory Culture Foundation has bundled this backdoor adware into their Miro installation process. To my mind, it is unconscionable and reprehensible that any reputable company trojan another application onto their users' systems without clear permission and the clear option for users to opt out. And (sorry jessep) it is inexcusable that in replying to this problem, PPF pass responsibility for the problem onto OpenCandy.

Don't PCF test their installation procedures before releasing software updates to a trusting public? I really can't work out which is worse -- knowingly installing unsolicited crap onto their users' systems or unknowingly installing unsolicited crap by insufficiently quality assuring their software before releasing it? Has PCF entered the ranks of disreputable software producers that everyone eventually learns to distrust?

Completely uninstalling Miro has not removed OpenCandy from my system -- it's still there in C:\OpenCandy (ok, I'm able to delete this directory), but registry entries still remain -- what do these do and how can I remove them all -- and who knows what crapware is now running in the background on my PC.

PPF, please provide **explicit** instructions, how the heck do I rid my PC of **all** traces of OpenCandy ????
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hi Gricket. Thanks for the feedback. I understand why you'd be frustrated/concerned and I'm thinking seriously about it. Please see the explanation below for more detail on the issue. And the following for instructions on removing the registry entry.
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hi Guys, here's an explanation from OpenCandy about the issues related to the folder and registry entry. Please see next comment for instructions for removing the registry entry:

"OpenCandy is not an application, as it has absolutely no functionality outside of being used by your installer to present and install offers. OpenCandy software does not execute on your system outside of the installer unless you have accepted a recommended piece of software. If you execute the DLMgr.exe software after it has completed delivering a recommended piece of software, it will do nothing other than exit.

A copy of OpenCandy software is separately installed with each application that uses it. Each application's uninstaller is responsible for removing the installed pieces (OCSetupHlp.dll and DLMgr.exe).

In our next release, we have modified the software to relocate it's directory location to the logged in user's AppData directory and a defect has been corrected that created the directory when it was not needed.

After a recommender's software has been uninstalled, if a recommendation was accepted and installed, the directory is left in place because some recommended software's installers require the original install package to uninstall themselves.

(Most notably some Microsoft MSI based installers require the original .MSI file to uninstall. We are unsure why Microsoft chose this approach as it vastly complicates user's file management but given the number of MSI based installers apparently the majority of users do not mind the pitfalls)

If a user wishes to remove the OpenCandy directory, they may simply delete it noting that some installed recommended software may not be removable afterwards (see above). We highly discourage this practice and are working on a policy that would require recommended software to be removable without the presence of the original installer file. This would allow us to automatically remove the original installer file and the directory.

OpenCandy makes use of the system registry to store some data related to the operation and delivery of accepted software to a user's system. This information is anonymous and there is no association between any personal information you may enter into a recommender/recommended installer and the information stored by OpenCandy software.

We chose to use the registry to store this data in order to *prevent* the use of IP address recording, CPU ID#'s, or other unique personally identifiable means to coordinate session interactions. We believe in and strive to maintain a user's anonymity. This is no different than the use of anonymous cookies to keep track of a website session.

Session based interactions include things like:
-Installing a product
-Uninstalling a product
-Installing a recommended product
-Uninstalling a recommended product

The choice of using the registry also provides a heightened level of security for users of the Vista line of OS's. In order to interact with the OpenCandy registry entries, elevated administrator rights are required, which Vista prompts the user for consent prior to allowing access. This access level is required by Installers in general, but no common user software requires this level of access so malware cannot access this information without explicit notification of the user.

If a user wishes to remove the OpenCandy registry entries, they may simply delete the OpenCandy registry tree: HKLM/Software/OpenCandy. Doing so may interfere with some aspects of our recommendation system and provide poorer recommendations to the users that do so, however, there should be no other side effects."

So that's an explanation of what OpenCandy is and does relative to the issues outlined here. We're thinking this through right now, though, and considering our response to these issues.
Photo of

  • 2 Posts
  • 1 Like
Thanks jessep,

This has helped me to remove all traces of openCandy from my PC. So, for the moment anyway, I have cleaned my PC of Miro and OpenCandy. Such a shame Miro installer did this to me. I really liked Miro and where it seemed to be heading. But, sorry guys, my PC is my own and not for others to place unwanted, unsolicited, unexplained and essentially backdoor software on my system. Until Miro installer is open and honest about this and until it gives its users the option to opt out, I'm voting with my feet. No more Miro for me! Sigh.
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
How to delete the OpenCandy Registry Key:

The following instructions are tested on Windows XP. These instructions were gathered from this article on about.com. For instructions for Windows Vista (very similar) please visit this article

1. Start the registry editor
- Go to Start Menu
- Click 'Run'
- Type 'regedit', click ok
2. Navigate to the open Candy folder
- On XP it is located at: HKEY_LOCAL_MACHINE > SOFTWARE > OpenCandy
3. Backup the OpenCandy Registry Key (just to be safe, in case something goes wrong.)
- Right click the OpenCandy registry key (looks like a folder)
- Click 'export'
- Save the file somewhere on your computer
4. Delete the OpenCandy Registry Key
- Select the OpenCandy registry Key (looks like a folder)
- Go to the edit menu and click 'delete'
- Click 'OK' to confirm the deletion

That's it, you're done.
Photo of

  • 1 Post
  • 0 Likes
Remember that good news travels very fast on the internet but BAD NEWS travels at the speed of light. Don't outsmart yourselves out of business. It should never be the onus of the end user to seek for a solution to an unsolicited problem. Duly noted and circulated.

Have a nice day.
Photo of

  • 1 Post
  • 0 Likes
I'm a little miffed about why use the registry at all for this type of activity. The registry should be place to store installed software configurations, not whether a user clicked A or B on thursday. If you want to store that level of info fine, but store it somewhere in the miro database. The miro database seems to be doing fine understanding which videos and channels I want to download... why aren't you treating the updates the same way? Treat them as a podcast... simple RSS.

On the upside, you guys have an exit button that works... Nothing upsets me more than a program that wants to start at startup, asks me if I'm sure I want to exit (when I choose it from the menu... sometimes when the X is close to other buttons that have meaning I'd appreciate an 'are you sure'..) , and 'closes to some hidden form' when I click that X in the corner. If you want to play with any of these 3, give me the option to turn it on and tell me about it, don't do it for me, and always keep them settings in the options->settings menu.
Photo of

  • 1 Post
  • 0 Likes
OpenCandy is a third-party plugin sorta thing they've latched on to Miro, so they can't use the Miro database, coz OpenCandy is designed to work independent of whichever software installs it.
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hi All,

We're going to remove OpenCandy from our installer next week. Thanks for pushing back on this.

We still think the core idea of open source projects promoting one another is a great one, and we'll continue to support and promote other FOSS projects whenever possible.

~Jesse
Photo of

  • 3 Posts
  • 0 Likes
Jesse - I still think the ability to opt-in, and a simple way to remove this feature would be sufficient. We all want to support FOSS - we just don't want to have secret software installed. Thanks...roger
Photo of

  • 1 Post
  • 0 Likes
Does anybody know what other apps install this Opencandy dir/keys? I am not using any of the above but do see the evidence that it was updated on my system. Any others? I recently added TVersity and MediaInfo. I think it is MediaInfo since folder create dates are identical. Any others you all have heard of?
Photo of HonestySoughtH

HonestySought

  • 10 Posts
  • 0 Likes
@jigster

Installing *any* "open"candy infected application on a virgin install of XP with any one of a myriad of install-monitoring tools reveals that "open"candy does leave more behind than the "open"candy apologists have stated.

Dishonesty and inordinate self interest is at the heart of the problem here.
Photo of ImagineerI

Imagineer

  • 1 Post
  • 1 Like
I just found entries for OpenCandy while doing normal cleanup. After an internet search I came to these questions. I have to say Miro has committed a very serious violation of trust here for the following reasons:
1) You did it in the first place. --Jesse, I know you have been very pleasant on these forums but this is the equivalent of a thief breaking into my house and WHEN I find my stuff at the pawn shop, the thief offering to "graciously" give it back. Sorry, it doesn't work that way. There are some things you JUST DON'T DO. Remember Intuit's TurboTax a few years back?
2) There was no uninstall. Yes, you have give some instructions on how to MANUALLY edit the registry. Who let's average users do that?!
3) There was NO uninstall! Even with your steps above, the underlying DLL and service are still not uninstalled. I'm willing to bet that those registry entries just magically reappear.
4) You lied. I don't use that lightly. Above, you said that OpenCandy has been removed from Miro. The datestamp says "5 months ago". I just checked another machine. Download and install dates are 4/18/2009. Guess what? OpenCandy is installed.

Miro has now completely violated the user's trust.
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hi Imagineer. Hmmm. When did you install Miro?

We did remove OpenCandy after this thread. Then a couple of months ago OpenCandy approached us saying that they had changed their install process to address the issues we had.

Their documentation said that they only added anything to the user's computer if they opted into installing something, and then they stored it in the Miro directory rather than the registry, which we thought was okay given that the recommendation page has a notification on it that is powered by open candy.

Can you explain to me where you found "entries for OpenCandy"? Was it in the registry or within the Miro directory?

Also, if you found anything with OpenCandy in it, it should mean that you opted into installing the recommended software. Do you remember doing that?
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
it.s still in there
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
fresh download today on a machine that has never had Miro
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Hey Clay. As explained above, we removed the app due to the issues raised in this forum. OpenCandy then fixed their app to address the issues and we added it back in a few months later. So yes, we do ship Miro with OpenCandy and during install it asks you if you'd like to install some software. That offer is opt-in only, so you don't get anything unless you actively choose it. Do you still think this is an issue? Is there an issue with how OpenCandy operates?
Photo of

  • 6 Posts
  • 0 Likes
This OpenCandy stuff is quite stinky, I cannot believe that a group calls itself "Participatory Culture Foundation" manages to install a hiddenware-spyware called OpenCandy. I am truely impressed by the skills and foresight that are shown by the developers.

They said it was removed, but it was just removed from the installer, it keeps installing itself in a hidden manner which is even worse.
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Dude, this is crazy. Opencandy isn't spyware, and it isn't hidden! Also it was removed when we said it was removed. OPEN CANDY CHANGED THE WAY THEIR APP WORKED TO ADDRESS THE ISSUES RAISED IN THIS VERY FORUM THREAD AND WE ADDED IT BACK!!! It doesn't install itself in a hidden manner. During the install it offers you some software, if you say no it doesn't do anything. It's all very transparent.
Photo of

  • 6 Posts
  • 0 Likes
Not the nightly builds.

Jessep, the thing is that OpenCandy is in the business for collecting user data. If that is not spying on people, then what is ?

Anyways, I loved Miro and tried to support it. But This OpenCandy thing is not something I want to see in an application`s installer I use(free or paid). Thus I wont be using Miro from now on.
Photo of

  • 6 Posts
  • 0 Likes
Jessep btw regardless of what you choose during installation OpenCandy seems to install itself(OpenCandy not the suggested software) and add itself to registry but you claim the oppoosite. Have you tried installing and checking out what is going on really?
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
no, it's still there, with no uninstall
the files and registry entries have to be removed manually
OC is crapware/adware

it's in the download and drops it's .dll into OC client's software
if it's not already there

test it yourself
Photo of

  • 6 Posts
  • 0 Likes
Jessep,

You also need to declare on Miro`s web site that Miro is participating with OpenCandy ring but you do not. This is deceptive. Do not get me wrong I am not looking for cynical motivation here but right way to do the business is to declare such stuff prior to download not during installation.
Photo of JED

JED, Official Rep

  • 870 Posts
  • 97 Likes
So what I'm seeing is that the OC files are in the registry below the PCF registry entries. And the OC files are getting installed in the C:\\Program Files\Participatory Cult...\Open Candy directory.

For me, testing nightly builds regularly, it's 1 extra screen to click next on, as the OC option is set to Don't install, by default. After that - it doesn't do anything.

The next day when I install the nightly again, yes, another install, another offer. But I think if OC was really devious and spying on me, it would make a new unique offer, not the one I had declined the day before. Or even a few minutes before depending on the tests I was running.

I think you are over-reacting.
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
the problem is that it's not disclosed
that another software company is installing on my computer

when i choose a software i don't want more

OC is trying to help sales-fine
i need to know before i download
exactly what i'm getting

over-reacting? i don't think so
it's not dangerous-the file and reg entry
it's done without informing that i'm getting two software companies
not 1 like i choose

i will opt-out of OC untill they and the softwares involved disclose this practice
and build an uninstall or opt out of OC

it's exploiting a loophole and most users will not see it
perhaps that's the plan, since it's already in the computer before you can stop it
Photo of sg

sg

  • 289 Posts
  • 24 Likes
Miro bundles a lot of software components where PCF deems it necessary, like VLC, libtorrent, Perian, Sparkle, Growl, and whatnot. Unlike those listed, OpenCandy does not run unless a user explicitly opts in and instructs it to do so, and to my knowledge does not do anything malicious ever, so I fail to see any malintent here or inherent to OpenCandy...
Photo of

  • 6 Posts
  • 0 Likes
Guys, OpenCandy is installing itself you opt in or not. Instead of playing it down why do not you just look into the problem?. We are not talking about the recommended software we are talking about repeated OpenCandy registry entries and installation files regardless of the state of the choice during installation.

Sure everyone has their opinion, I do respect that but the thing is that this issue has nothing to do with an opinion or perspective. I happily downloaded Miro and ended up with something called OPENCANDY. Yes I can delete it but I can delete the things I see. How am I supposed to know whatelse they put on my computer? I do not trust them a byte, a nibble, not even a bit.

If the developers think that they can make money out of this thing they are wrong. I hope they make but this kind of stuff generally blows back. Did you know that founders of OpenCandy at some point were founders of shameful DIVX?

From Wikipedia

"At one point, DivXNetworks offered for download an "ad supported" version of their DivX Professional product free of charge to users who were willing to view advertisements. The ads were delivered by the GAIN ad server software. While this attracted much criticism at the time, users had to manually select the "ad supported" download rather than the for-pay professional version or the free version. Additionally, users were informed during installation of the ad-supported version that the Gator software would be installed on their PC and were presented with a license agreement to which they had to consent in order to continue the installation. Regardless, the Gator software would still install parts of itself without the user agreeing to this installation, and was difficult to remove after installation. This raised considerable consternation amongst DivX users, causing many to turn to its free software rival, Xvid. "
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
i hear you. so what we're going to try is having a screen during install where it says, "Do you want us to recommend you some software?" and if you click yes then it'll run OpenCandy. We'll still ship Miro with OpenCandy, but unless you opt in on this screen it will never run.
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
Okay, talked to the OpenCandy guys about this, and figuring out the best way to disclose what's going on. They're going to add a comment to this thread explaining exactly what they do, and we're going to disclose on the site, at the time of download, that OpenCandy is included and provide more information. We'll also probably include an alternate download link for people who don't want it, but that might take a while because our developers are busy.
Photo of Dr. Apps

Dr. Apps

  • 5 Posts
  • 1 Like
Disclosure -> Transparency -> Choice

The Problem? Disclosure!
The Solution? DISCLOSURE!

Some of you know me from other threads, but for those that don’t, I’m Dr. Apps, Software Community Guru for OpenCandy. I joined OpenCandy at the end of February of this year. I discovered OpenCandy when I was updating MediaCoder in November, 2008 (see here: http://twitter.com/drapps/statuses/1018127759). (Sorry, can’t help but intro myself.)

Jesse and I discussed this thread at length over the last two days and I realized I’ve been missing the message on what you said you wanted. Which is disclosure. At OpenCandy we are passionate about doing what we do in a way that is respectful of users. If there is a way to do it better, we are all for it.

We have already begun work on messaging for the Miro download page to inform people that Miro’s installer includes recommendations powered by OpenCandy.

Disclosure is all well and good. But if people don’t know what we actually do, why we do it and most importantly HOW we do it, they aren’t going to be able to make an informed decision about OpenCandy.

What We Do

We provide technology and a network to enable software developers to choose software (or services) they love or believe their users will find valuable and present it to users as a recommendation during installation of their software. Our network is moderated; meaning those that wish to participate must meet certain guidelines to ensure safety, security and transparency to users.

Why We Do It

Yes, the people who started OpenCandy were former DivX founders, executives and engineers. Yes, they made business decisions while at DivX, for DivX that I personally (as a user-advocate and computer fix-it guy) didn’t agree with. This isn’t about DivX though, this is about OpenCandy. After leaving DivX, they realized that some of what they learned about software distribution could be applied to something that revitalized the software community for the mutual benefit of USERS AND DEVELOPERS. They saw how third party bundling was being done in a non-user friendly manner (from the install experience to the privacy issues) and created a vision and framework to do it in way that DOES offer an optimal user experience. OpenCandy was born.

How We Do It

The OpenCandy Installer Plug-in.

#1) Recommendations

The OpenCandy installer plug-in (otherwise known as OCSetupHlp.dll) is what publisher’s integrate into their software’s installer to enable recommendations to be made. The plug-in ONLY functions during installation (and optionally) un-installation of the publisher’s software and in accordance with our Privacy Policy.

If you decide after receiving a recommendation that you don’t want the OCSetupHlp.dll on your computer, feel free to delete it. I guarantee it won’t magically re-appear.

#2) Installer Analytics

The plug-in also enables publishers to learn ANONYMOUS aggregate statistics like how many times their software is installed and uninstalled. This helps developers create better software and drives competition in the software community. The thinking is that if a software publisher knows how many times their software is installed and uninstalled then they’ll be able to notice, for instance, if one month a new version they released results in a statistically higher rate of un-installations. Then they can reach out to their community (via blogs, forums, etc) and say “Hey, the recent release of our software is resulting in 30% more uninstalls. If anyone has any ideas why, please chime in and let us know what you think is causing this.”

To reiterate: The OCSetupHlp.dll has ZERO functionality by itself. It only runs as part of the installer it was integrated with.

User Privacy

Our privacy policy is very straight forward and crystal clear on what information we collect. (Personally, I think ALL privacy policies should be.) What sets our policy and our actions apart is that we don’t want your personally identifiable information. That’s why we don’t store your IP address or any other personally identifiable information about you. Here’s an example of what we know about you: A Windows (XP, Vista, whatever) computer residing in the United States (or some other COUNTRY, yes just COUNTRY) accepted or declined an OpenCandy recommendation during installation of Miro.

Wrapping it up :)

I know it’s hard for people to understand (or accept) what OpenCandy does unless the information is readily available. Our new website will be launching soon and I’m also working on getting our FAQs up here (on GS).

I’m glad to be able to have this conversation out in the open for everyone to be a part of. That way we can be sure we’re doing the right things and that our actions match what we’re saying. :)

We are really proud of what we’re doing, why we’re doing it and most of all, HOW we go about doing it. That’s why we have awesome partners (like Miro) working with us. They’ve had the chance to learn our story because we’ve communicated and shown it to them, but until now we haven’t had the chance to share it to the rest of the world. :)

Thanks,

Dr. Apps / Andrew
Photo of HonestySoughtH

HonestySought

  • 10 Posts
  • 0 Likes
Disclosure should be made EXPLICIT PRIOR to download. Give the users a choice of an "open"candy infected installation wrapper, and a virgin installation wrapper. THERE is where the informed consent is.
Photo of UnibomberU

Unibomber

  • 3 Posts
  • 0 Likes
No matter how you "sugar coat" it OpenCandy IS adware and spyware. First off aren't the recommend programs a type of ad? Personally I think so. Also anything that sends info back from my registry is considered spying. "Anonymous" or not. Besides how can it be anonymous when you get my IP and other info unique to only my machine?

Dr Apps you made a claim that it sends data back when a OpenCandy app is uninstalled, so if the OC dll can be removed at ANY TIME how does this function still work then say the dll is removed? Also if users are running firewalls and BLOCK OpenCandy/ app installer from accessing the internet how will OpenCandy still function and what use will it have? I think the ONLY REAL thing it will succeed in doing is ruin peoples trust in otherwise good software.

Software developers PLEASE don't bundle this with your software. Nobody likes being forced into installing unwanted third party apps especially addware and spyware. This concept DOES NOT work, its been proven with Gain (Gator Advertising and Information Network), Cydoor as well as numerous IE toolbars.

Oh and one last note Dr Apps if you claim your program is so legit how come you don't release the source code and tell us the REAL facts as opposed to being so vague and writing the same thing, nearly verbatim, on all sites that you post on?

The Internet Unibomber
Photo of jessep

jessep, Employee

  • 42 Posts
  • 7 Likes
FYI, we've already removed OpenCandy, due to repeated complaints. We don't condemn what they're doing, I think there's a broad misunderstanding about it. At the same time, we didn't want to piss people off anymore, especially around issues of privacy, so we just took it out.
Photo of Dr. Apps

Dr. Apps

  • 5 Posts
  • 1 Like
An Interesting Sunday

Well this is an interesting break from trying to console my teething seven month old and taking care of mommy who isn't feeling well either. It’s not everyday I get asked questions by someone who choose to post under the name of a convicted murderer. But I digress; this information will be helpful to other people, so I’m happy to answer these questions.

Actually I don't disagree that an OpenCandy-powered recommendation is an ad. But OpenCandy isn't adware (http://en.wikipedia.org/wiki/Adware), adware is: a program that once installed shows ads on your desktop or in your browser or a whole slew of other crap we WOULD NEVER do. And we are certainly not spyware (http://en.wikipedia.org/wiki/spyware). We don't collect ANY personally identifiable information, and the NON-personally identifiable information we collect is very limited and not unique at all (see below).

TCP Connections, Anonymity and Privacy

Every website you visit knows your IP and the vast majority of them also log it. Yes, establishing a (legit) TCP connection means the return address is known (yes I'm way oversimplifying TCP :) ) –The only thing we do with an IP is figure out the country it originates from. We do NOT STORE ANY IPs in any shape or form.

Our system is based on a smart plug-in / dumb server approach so WE DON'T NEED to collect all sorts of other information about a computer (or "person" if you will). The fact that someone uses Microsoft Windows Vista and their OS language is English and they're located in the United States is NOT UNIQUE information at all.

Removing Our Dll / Blocking Internet Connectivity EDITED to add bold to this. :)

If you remove the OpenCandy dll (OCSetupHlp.dll), OpenCandy CAN'T/DOESN'T provide any functionality during un-install (btw, I should mention that when you remove the dll yourself you may receive an error during un-install since the file is missing but if you click 'Ok' or 'Continue' the uninstall will complete successfully. See my PS for changes we're making regarding leaving files behind). The same goes for blocking an OpenCandy-powered installer from accessing the Internet during install, we obviously can't provide a recommendation or installer analytics in that case. The exact reason I provided that information was for people who either; don't want to see a recommendation or don’t want to help provide anonymous analytics to the publisher of the software they're installing, or that want to remove our dll.

As far as forcing people to install third party applications, I'm not sure how a software recommendation you have to consciously choose to install could be considered forced upon anyone. Of course I'd never argue against the fact that concepts like GAIN or Cydoor DON'T work... they don't, I loath(ed) them and I've spent a considerable portion of my life cleaning up machines infected with that crap and other things.

Copyleft nor Copyright Determines Legitimacy

So if something is closed-source it's not legit? The reason why our platform isn’t open source is because part of it deals with money which means we have to deal with the potential of gaming/fraud. Legitimacy of a platform, product or service isn't determined by whether it’s copyleft or copyright.

Closing Thoughts

For some people, specifically those who have read my responses to questions in various places, yeah it can seem pretty repetitive (definitely not verbatim though). There's only so many ways for a person to answer the same question(s) and if a question is answered truthfully, then (IMHO) there's really only one (idk, maybe two) ways you can answer it.

Like I always say, I'm happy to have these discussions. When people have questions we're/I'm happy to give answers. I hope this info is helpful.

Thanks. :)

Dr. Apps
@drapps

PS: Two other things I should mention:

#1) Miro’s does not provide OpenCandy recommendations anymore as of version 2.0.5.

#2) Now is as good a time as any to announce this. :) We are currently wrapping up the latest version of our Publisher’s Kit which changes the way our recommendation process works. Going forward our files (OpenCandy_Why_Is_This_Here.txt and our dll, OCSetupHlp.dll) will ONLY be TEMPORARILY copied to a folder within the publisher's program installation folder – IF – a recommendation is accepted. Once the recommendation (again, IF it was ACCEPTED) is downloaded and installed, the OpenCandy folder, dll and text file will be removed automatically.
Photo of HonestySoughtH

HonestySought

  • 10 Posts
  • 0 Likes
Your " 'recommendation' is not advertising " claim is sophistry.
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
The presence of opencandy should have been disclosed up front, before any download or install.

To date no disclosure has been done upfront.

This is opencandy's mistake.
As well as those who choose to include it in their product.

Discovered and in the open by end users instead of opencandy or it's clients. And how to remove it.
This is not good business practice.

opencandy's file, transfers personal use information over the net.

Perhaps a better review of what a privacy policy consists of would be in order.

http://en.wikipedia.org/wiki/Privacy_...
Photo of Dr. Apps

Dr. Apps

  • 5 Posts
  • 1 Like
Clay,

We made a mistake with the way OpenCandy was disclosed with Miro, I said that two months ago. That's why Jesse put a disclosure on the Miro for Windows download page so that people knew it provided OpenCandy recommendations and analytics. As of version 2.0.5 Miro no longer provides OpenCandy recommendations anyway.

"opencandy's file, transfers personal use information over the net."


I'm not sure how much clearer I can say this: OpenCandy does NOT transfer or collect personally identifiable information (here's a good reference on PII http://en.wikipedia.org/wiki/Personal....

As far as our privacy policy is concerned, it looks like being concise wasn't good enough. We're in the process of updating our PP to be more specific and eliminate ANY confusion people have as to the type of NON-personally identifiable information we collect.

On the whole we've done a lot of things right. I have no qualms about admitting when we make mistakes. We listen to the community and when changes need to be made, we make them. We're always looking and listening for ways to do things better.

Thanks. :)

Dr. Apps
@drapps
Photo of HonestySoughtH

HonestySought

  • 10 Posts
  • 0 Likes
again @ DrApps

Disclosure should be made EXPLICIT PRIOR to download. Give the users a choice of an "open"candy infected installation wrapper, and a virgin installation wrapper. THERE is where the informed consent is.
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
I didn't say-
"personally identifiable information".
I said personal information.
Recording my personal address is not the issue.
What I download and uninstall, is, that includes opencandy, in your own words.

Other software has pop-ups in their own software, not all, but some, that will trigger a 'why, and how can we help make it better' web site or form. And that is a software I picked to download.

But they don't have a separate software company bundled to report what I install or uninstall. Never asked for it and don't want it either.

Their are download counters that keep track of how many downloads of any software. That should be enough info to determine it's usefulness. As well as blogs and forums posted by the software themselves or other sources of info.

If you want me to let opencandy monitor or report to another software vendor, what I install or uninstall.
Please ask first.
And I'll decide if I want that software installed and that info monitored.

You change words of others which changes the subject. Avoiding addressing the concern posted.
Photo of Dr. Apps

Dr. Apps

  • 5 Posts
  • 1 Like
Clay, man, I'm a nice person, please give me the benefit of the doubt first. :) I didn't deliberately change your words or try to ignore your question -- I did misunderstand though. Sorry.

Disclosure = Choice

I think that's all related to proper disclosure... That way you have a choice about installing software from a publisher. You can also choose to download & install it and do what I do 99.9% of the time, block installers from accessing the Internet using a software firewall.

There is always going to be some percentage of people (albeit a small one) who don't want to see OpenCandy recommendations or help the publishers of software they're installing by providing anonymous statistics.

Thanks. :)

Dr. Apps
@drapps
Photo of UnibomberU

Unibomber

  • 3 Posts
  • 0 Likes
To Dr Apps

Ok our views as to what can be adware could differ so I'm not even gonna argue that. But when your plug-in is sending back ANY KIND of info off my machine that I do consider a form spying. For example the apps I have installed on my machine. That is only for me and the other users of my machine to know. NOT for some company of the internet.

When I was referring to being forced into installing third party apps I WAS NOT referring to the recommended app but to the OpenCandy plug-in its self. Isn't it a kind of app considering its code being executed on my machine? Maybe it doesn't have any power without the host installer but nonetheless its still code I never consented into executing. Personally I don't like it when an app I choose to install comes bundled with stuff I never consented too.

Also you said it yourself that when the installer is blocked from the internet OpenCandy wont work, so then what purpose does it serve? In other words what will be in it for you guys at OpenCandy and the developers say a lot of people blocked it? Next why cant the recommendations be HARD CODED into the installer without the need of the plug-in? Albeit they wont be as personally tailored but could be chosen at random from some internet server with a ONE WAY stream to the others machine. Therefore possibly eliminating the "spying" factor.

I never meant that anything closed source was not legit. In fact I do use several closed source apps myself although I do prefer FOSS alternatives when given the choice. Im just saying that if OpenCandy released the source to there plug-in it might better convince the skeptics to OpenCandy's legitimacy.

The Internet Unibomber

PS
1) You said that with the latest version the OpenCandy folder and its contents will be deleted after install of the app/apps (assuming the recommended one was chosen) . Will the regkeys and cookie also be removed?

2) Say someone did install an app with OpenCandy and did choose the recommended app will the recommended app also include OpenCandy and if so were will it end?
Photo of Clay MannixCM

Clay Mannix

  • 12 Posts
  • 0 Likes
Dr. Apps,

Being a nice person or not is not the issue either, nor the rest of your post.

Your percentage estimate is a guess at best.

I'm talking about facts, you are not.

And advising the use of a firewall?
To block your own program?

List the programs using opencandy.
I dare you to be honest.