Help get this topic noticed by sharing it on Twitter, Facebook, or email.
I’m upset

opencandy

Miro installed a software package on my system (OpenCandy) and I did not give permission for this backdoor behaviour. I do not permit packages to submit other software without my knowledge and consent. When I de-installed Miro (and I will leave it de-installed until this issue is resolved), the OpenCandy package appears to still be there:

Top-level folder: c:\OpenCandy
Entries in the Registry.

Please acknowledge that you included this software and let me know how to remove it.
5 people have
this question
+1
Reply
  • EMPLOYEE
    I’m sorry
    Hi Ripwit,

    I'm sorry about this. OpenCandy is a a software recommendation engine that we added recently in order to suggest other free and open source software to our users. You can find out about the organization at www.opencandy.com.

    I wasn't aware that it permanently left their recommendation engine on the user's machine after running it. We'll look into that right now and fix it as soon as possible.

    Thanks for pointing that out,
    Jesse
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • EMPLOYEE
    I’m hoping it gets fixed soon
    Hi Ripwit,

    I spoke to the folks at OpenCandy and they're aware of the bug and working on it. We'll be pushing out a fixed version soon.

    Cheers,
    Jesse
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m frustrated
    1
    OK, looks like I've been stung too!

    I am surprised and shocked (perhaps I shouldn't be) that Participatory Culture Foundation has bundled this backdoor adware into their Miro installation process. To my mind, it is unconscionable and reprehensible that any reputable company trojan another application onto their users' systems without clear permission and the clear option for users to opt out. And (sorry jessep) it is inexcusable that in replying to this problem, PPF pass responsibility for the problem onto OpenCandy.

    Don't PCF test their installation procedures before releasing software updates to a trusting public? I really can't work out which is worse -- knowingly installing unsolicited crap onto their users' systems or unknowingly installing unsolicited crap by insufficiently quality assuring their software before releasing it? Has PCF entered the ranks of disreputable software producers that everyone eventually learns to distrust?

    Completely uninstalling Miro has not removed OpenCandy from my system -- it's still there in C:\OpenCandy (ok, I'm able to delete this directory), but registry entries still remain -- what do these do and how can I remove them all -- and who knows what crapware is now running in the background on my PC.

    PPF, please provide **explicit** instructions, how the heck do I rid my PC of **all** traces of OpenCandy ????
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Hi Guys, here's an explanation from OpenCandy about the issues related to the folder and registry entry. Please see next comment for instructions for removing the registry entry:

    "OpenCandy is not an application, as it has absolutely no functionality outside of being used by your installer to present and install offers. OpenCandy software does not execute on your system outside of the installer unless you have accepted a recommended piece of software. If you execute the DLMgr.exe software after it has completed delivering a recommended piece of software, it will do nothing other than exit.

    A copy of OpenCandy software is separately installed with each application that uses it. Each application's uninstaller is responsible for removing the installed pieces (OCSetupHlp.dll and DLMgr.exe).

    In our next release, we have modified the software to relocate it's directory location to the logged in user's AppData directory and a defect has been corrected that created the directory when it was not needed.

    After a recommender's software has been uninstalled, if a recommendation was accepted and installed, the directory is left in place because some recommended software's installers require the original install package to uninstall themselves.

    (Most notably some Microsoft MSI based installers require the original .MSI file to uninstall. We are unsure why Microsoft chose this approach as it vastly complicates user's file management but given the number of MSI based installers apparently the majority of users do not mind the pitfalls)

    If a user wishes to remove the OpenCandy directory, they may simply delete it noting that some installed recommended software may not be removable afterwards (see above). We highly discourage this practice and are working on a policy that would require recommended software to be removable without the presence of the original installer file. This would allow us to automatically remove the original installer file and the directory.

    OpenCandy makes use of the system registry to store some data related to the operation and delivery of accepted software to a user's system. This information is anonymous and there is no association between any personal information you may enter into a recommender/recommended installer and the information stored by OpenCandy software.

    We chose to use the registry to store this data in order to *prevent* the use of IP address recording, CPU ID#'s, or other unique personally identifiable means to coordinate session interactions. We believe in and strive to maintain a user's anonymity. This is no different than the use of anonymous cookies to keep track of a website session.

    Session based interactions include things like:
    -Installing a product
    -Uninstalling a product
    -Installing a recommended product
    -Uninstalling a recommended product

    The choice of using the registry also provides a heightened level of security for users of the Vista line of OS's. In order to interact with the OpenCandy registry entries, elevated administrator rights are required, which Vista prompts the user for consent prior to allowing access. This access level is required by Installers in general, but no common user software requires this level of access so malware cannot access this information without explicit notification of the user.

    If a user wishes to remove the OpenCandy registry entries, they may simply delete the OpenCandy registry tree: HKLM/Software/OpenCandy. Doing so may interfere with some aspects of our recommendation system and provide poorer recommendations to the users that do so, however, there should be no other side effects."

    So that's an explanation of what OpenCandy is and does relative to the issues outlined here. We're thinking this through right now, though, and considering our response to these issues.
    • Thanks jessep,

      This has helped me to remove all traces of openCandy from my PC. So, for the moment anyway, I have cleaned my PC of Miro and OpenCandy. Such a shame Miro installer did this to me. I really liked Miro and where it seemed to be heading. But, sorry guys, my PC is my own and not for others to place unwanted, unsolicited, unexplained and essentially backdoor software on my system. Until Miro installer is open and honest about this and until it gives its users the option to opt out, I'm voting with my feet. No more Miro for me! Sigh.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated

  • How to delete the OpenCandy Registry Key:

    The following instructions are tested on Windows XP. These instructions were gathered from this article on about.com. For instructions for Windows Vista (very similar) please visit this article

    1. Start the registry editor
    - Go to Start Menu
    - Click 'Run'
    - Type 'regedit', click ok
    2. Navigate to the open Candy folder
    - On XP it is located at: HKEY_LOCAL_MACHINE > SOFTWARE > OpenCandy
    3. Backup the OpenCandy Registry Key (just to be safe, in case something goes wrong.)
    - Right click the OpenCandy registry key (looks like a folder)
    - Click 'export'
    - Save the file somewhere on your computer
    4. Delete the OpenCandy Registry Key
    - Select the OpenCandy registry Key (looks like a folder)
    - Go to the edit menu and click 'delete'
    - Click 'OK' to confirm the deletion

    That's it, you're done.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I'm a little miffed about why use the registry at all for this type of activity. The registry should be place to store installed software configurations, not whether a user clicked A or B on thursday. If you want to store that level of info fine, but store it somewhere in the miro database. The miro database seems to be doing fine understanding which videos and channels I want to download... why aren't you treating the updates the same way? Treat them as a podcast... simple RSS.

    On the upside, you guys have an exit button that works... Nothing upsets me more than a program that wants to start at startup, asks me if I'm sure I want to exit (when I choose it from the menu... sometimes when the X is close to other buttons that have meaning I'd appreciate an 'are you sure'..) , and 'closes to some hidden form' when I click that X in the corner. If you want to play with any of these 3, give me the option to turn it on and tell me about it, don't do it for me, and always keep them settings in the options->settings menu.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Hi All,

    We're going to remove OpenCandy from our installer next week. Thanks for pushing back on this.

    We still think the core idea of open source projects promoting one another is a great one, and we'll continue to support and promote other FOSS projects whenever possible.

    ~Jesse
    • view 2 more comments
    • @jigster

      Installing *any* "open"candy infected application on a virgin install of XP with any one of a myriad of install-monitoring tools reveals that "open"candy does leave more behind than the "open"candy apologists have stated.

      Dishonesty and inordinate self interest is at the heart of the problem here.
    • This comment was removed on 2010-09-22.
      see the change log
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m extremely upset
    1
    I just found entries for OpenCandy while doing normal cleanup. After an internet search I came to these questions. I have to say Miro has committed a very serious violation of trust here for the following reasons:
    1) You did it in the first place. --Jesse, I know you have been very pleasant on these forums but this is the equivalent of a thief breaking into my house and WHEN I find my stuff at the pawn shop, the thief offering to "graciously" give it back. Sorry, it doesn't work that way. There are some things you JUST DON'T DO. Remember Intuit's TurboTax a few years back?
    2) There was no uninstall. Yes, you have give some instructions on how to MANUALLY edit the registry. Who let's average users do that?!
    3) There was NO uninstall! Even with your steps above, the underlying DLL and service are still not uninstalled. I'm willing to bet that those registry entries just magically reappear.
    4) You lied. I don't use that lightly. Above, you said that OpenCandy has been removed from Miro. The datestamp says "5 months ago". I just checked another machine. Download and install dates are 4/18/2009. Guess what? OpenCandy is installed.

    Miro has now completely violated the user's trust.
    • Hi Imagineer. Hmmm. When did you install Miro?

      We did remove OpenCandy after this thread. Then a couple of months ago OpenCandy approached us saying that they had changed their install process to address the issues we had.

      Their documentation said that they only added anything to the user's computer if they opted into installing something, and then they stored it in the Miro directory rather than the registry, which we thought was okay given that the recommendation page has a notification on it that is powered by open candy.

      Can you explain to me where you found "entries for OpenCandy"? Was it in the registry or within the Miro directory?

      Also, if you found anything with OpenCandy in it, it should mean that you opted into installing the recommended software. Do you remember doing that?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • fresh download today on a machine that has never had Miro
    • Hey Clay. As explained above, we removed the app due to the issues raised in this forum. OpenCandy then fixed their app to address the issues and we added it back in a few months later. So yes, we do ship Miro with OpenCandy and during install it asks you if you'd like to install some software. That offer is opt-in only, so you don't get anything unless you actively choose it. Do you still think this is an issue? Is there an issue with how OpenCandy operates?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • This OpenCandy stuff is quite stinky, I cannot believe that a group calls itself "Participatory Culture Foundation" manages to install a hiddenware-spyware called OpenCandy. I am truely impressed by the skills and foresight that are shown by the developers.

    They said it was removed, but it was just removed from the installer, it keeps installing itself in a hidden manner which is even worse.
    • Dude, this is crazy. Opencandy isn't spyware, and it isn't hidden! Also it was removed when we said it was removed. OPEN CANDY CHANGED THE WAY THEIR APP WORKED TO ADDRESS THE ISSUES RAISED IN THIS VERY FORUM THREAD AND WE ADDED IT BACK!!! It doesn't install itself in a hidden manner. During the install it offers you some software, if you say no it doesn't do anything. It's all very transparent.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Not the nightly builds.

    Jessep, the thing is that OpenCandy is in the business for collecting user data. If that is not spying on people, then what is ?

    Anyways, I loved Miro and tried to support it. But This OpenCandy thing is not something I want to see in an application`s installer I use(free or paid). Thus I wont be using Miro from now on.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Jessep btw regardless of what you choose during installation OpenCandy seems to install itself(OpenCandy not the suggested software) and add itself to registry but you claim the oppoosite. Have you tried installing and checking out what is going on really?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • no, it's still there, with no uninstall
    the files and registry entries have to be removed manually
    OC is crapware/adware

    it's in the download and drops it's .dll into OC client's software
    if it's not already there

    test it yourself
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Jessep,

    You also need to declare on Miro`s web site that Miro is participating with OpenCandy ring but you do not. This is deceptive. Do not get me wrong I am not looking for cynical motivation here but right way to do the business is to declare such stuff prior to download not during installation.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • JED (Official Rep) June 01, 2009 13:04
    So what I'm seeing is that the OC files are in the registry below the PCF registry entries. And the OC files are getting installed in the C:\\Program Files\Participatory Cult...\Open Candy directory.

    For me, testing nightly builds regularly, it's 1 extra screen to click next on, as the OC option is set to Don't install, by default. After that - it doesn't do anything.

    The next day when I install the nightly again, yes, another install, another offer. But I think if OC was really devious and spying on me, it would make a new unique offer, not the one I had declined the day before. Or even a few minutes before depending on the tests I was running.

    I think you are over-reacting.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • the problem is that it's not disclosed
    that another software company is installing on my computer

    when i choose a software i don't want more

    OC is trying to help sales-fine
    i need to know before i download
    exactly what i'm getting

    over-reacting? i don't think so
    it's not dangerous-the file and reg entry
    it's done without informing that i'm getting two software companies
    not 1 like i choose

    i will opt-out of OC untill they and the softwares involved disclose this practice
    and build an uninstall or opt out of OC

    it's exploiting a loophole and most users will not see it
    perhaps that's the plan, since it's already in the computer before you can stop it
    • Miro bundles a lot of software components where PCF deems it necessary, like VLC, libtorrent, Perian, Sparkle, Growl, and whatnot. Unlike those listed, OpenCandy does not run unless a user explicitly opts in and instructs it to do so, and to my knowledge does not do anything malicious ever, so I fail to see any malintent here or inherent to OpenCandy...
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Guys, OpenCandy is installing itself you opt in or not. Instead of playing it down why do not you just look into the problem?. We are not talking about the recommended software we are talking about repeated OpenCandy registry entries and installation files regardless of the state of the choice during installation.

    Sure everyone has their opinion, I do respect that but the thing is that this issue has nothing to do with an opinion or perspective. I happily downloaded Miro and ended up with something called OPENCANDY. Yes I can delete it but I can delete the things I see. How am I supposed to know whatelse they put on my computer? I do not trust them a byte, a nibble, not even a bit.

    If the developers think that they can make money out of this thing they are wrong. I hope they make but this kind of stuff generally blows back. Did you know that founders of OpenCandy at some point were founders of shameful DIVX?

    From Wikipedia

    "At one point, DivXNetworks offered for download an "ad supported" version of their DivX Professional product free of charge to users who were willing to view advertisements. The ads were delivered by the GAIN ad server software. While this attracted much criticism at the time, users had to manually select the "ad supported" download rather than the for-pay professional version or the free version. Additionally, users were informed during installation of the ad-supported version that the Gator software would be installed on their PC and were presented with a license agreement to which they had to consent in order to continue the installation. Regardless, the Gator software would still install parts of itself without the user agreeing to this installation, and was difficult to remove after installation. This raised considerable consternation amongst DivX users, causing many to turn to its free software rival, Xvid. "
    • i hear you. so what we're going to try is having a screen during install where it says, "Do you want us to recommend you some software?" and if you click yes then it'll run OpenCandy. We'll still ship Miro with OpenCandy, but unless you opt in on this screen it will never run.
    • Okay, talked to the OpenCandy guys about this, and figuring out the best way to disclose what's going on. They're going to add a comment to this thread explaining exactly what they do, and we're going to disclose on the site, at the time of download, that OpenCandy is included and provide more information. We'll also probably include an alternate download link for people who don't want it, but that might take a while because our developers are busy.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated

  • I’m happy to have this discussion.
    1
    Disclosure -> Transparency -> Choice

    The Problem? Disclosure!
    The Solution? DISCLOSURE!

    Some of you know me from other threads, but for those that don’t, I’m Dr. Apps, Software Community Guru for OpenCandy. I joined OpenCandy at the end of February of this year. I discovered OpenCandy when I was updating MediaCoder in November, 2008 (see here: http://twitter.com/drapps/statuses/1018127759). (Sorry, can’t help but intro myself.)

    Jesse and I discussed this thread at length over the last two days and I realized I’ve been missing the message on what you said you wanted. Which is disclosure. At OpenCandy we are passionate about doing what we do in a way that is respectful of users. If there is a way to do it better, we are all for it.

    We have already begun work on messaging for the Miro download page to inform people that Miro’s installer includes recommendations powered by OpenCandy.

    Disclosure is all well and good. But if people don’t know what we actually do, why we do it and most importantly HOW we do it, they aren’t going to be able to make an informed decision about OpenCandy.

    What We Do

    We provide technology and a network to enable software developers to choose software (or services) they love or believe their users will find valuable and present it to users as a recommendation during installation of their software. Our network is moderated; meaning those that wish to participate must meet certain guidelines to ensure safety, security and transparency to users.

    Why We Do It

    Yes, the people who started OpenCandy were former DivX founders, executives and engineers. Yes, they made business decisions while at DivX, for DivX that I personally (as a user-advocate and computer fix-it guy) didn’t agree with. This isn’t about DivX though, this is about OpenCandy. After leaving DivX, they realized that some of what they learned about software distribution could be applied to something that revitalized the software community for the mutual benefit of USERS AND DEVELOPERS. They saw how third party bundling was being done in a non-user friendly manner (from the install experience to the privacy issues) and created a vision and framework to do it in way that DOES offer an optimal user experience. OpenCandy was born.

    How We Do It

    The OpenCandy Installer Plug-in.

    #1) Recommendations

    The OpenCandy installer plug-in (otherwise known as OCSetupHlp.dll) is what publisher’s integrate into their software’s installer to enable recommendations to be made. The plug-in ONLY functions during installation (and optionally) un-installation of the publisher’s software and in accordance with our Privacy Policy.

    If you decide after receiving a recommendation that you don’t want the OCSetupHlp.dll on your computer, feel free to delete it. I guarantee it won’t magically re-appear.

    #2) Installer Analytics

    The plug-in also enables publishers to learn ANONYMOUS aggregate statistics like how many times their software is installed and uninstalled. This helps developers create better software and drives competition in the software community. The thinking is that if a software publisher knows how many times their software is installed and uninstalled then they’ll be able to notice, for instance, if one month a new version they released results in a statistically higher rate of un-installations. Then they can reach out to their community (via blogs, forums, etc) and say “Hey, the recent release of our software is resulting in 30% more uninstalls. If anyone has any ideas why, please chime in and let us know what you think is causing this.”

    To reiterate: The OCSetupHlp.dll has ZERO functionality by itself. It only runs as part of the installer it was integrated with.

    User Privacy

    Our privacy policy is very straight forward and crystal clear on what information we collect. (Personally, I think ALL privacy policies should be.) What sets our policy and our actions apart is that we don’t want your personally identifiable information. That’s why we don’t store your IP address or any other personally identifiable information about you. Here’s an example of what we know about you: A Windows (XP, Vista, whatever) computer residing in the United States (or some other COUNTRY, yes just COUNTRY) accepted or declined an OpenCandy recommendation during installation of Miro.

    Wrapping it up :)

    I know it’s hard for people to understand (or accept) what OpenCandy does unless the information is readily available. Our new website will be launching soon and I’m also working on getting our FAQs up here (on GS).

    I’m glad to be able to have this conversation out in the open for everyone to be a part of. That way we can be sure we’re doing the right things and that our actions match what we’re saying. :)

    We are really proud of what we’re doing, why we’re doing it and most of all, HOW we go about doing it. That’s why we have awesome partners (like Miro) working with us. They’ve had the chance to learn our story because we’ve communicated and shown it to them, but until now we haven’t had the chance to share it to the rest of the world. :)

    Thanks,

    Dr. Apps / Andrew
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated

  • I’m Angry & Pissed!
    No matter how you "sugar coat" it OpenCandy IS adware and spyware. First off aren't the recommend programs a type of ad? Personally I think so. Also anything that sends info back from my registry is considered spying. "Anonymous" or not. Besides how can it be anonymous when you get my IP and other info unique to only my machine?

    Dr Apps you made a claim that it sends data back when a OpenCandy app is uninstalled, so if the OC dll can be removed at ANY TIME how does this function still work then say the dll is removed? Also if users are running firewalls and BLOCK OpenCandy/ app installer from accessing the internet how will OpenCandy still function and what use will it have? I think the ONLY REAL thing it will succeed in doing is ruin peoples trust in otherwise good software.

    Software developers PLEASE don't bundle this with your software. Nobody likes being forced into installing unwanted third party apps especially addware and spyware. This concept DOES NOT work, its been proven with Gain (Gator Advertising and Information Network), Cydoor as well as numerous IE toolbars.

    Oh and one last note Dr Apps if you claim your program is so legit how come you don't release the source code and tell us the REAL facts as opposed to being so vague and writing the same thing, nearly verbatim, on all sites that you post on?

    The Internet Unibomber
    • view 1 more comment
    • An Interesting Sunday

      Well this is an interesting break from trying to console my teething seven month old and taking care of mommy who isn't feeling well either. It’s not everyday I get asked questions by someone who choose to post under the name of a convicted murderer. But I digress; this information will be helpful to other people, so I’m happy to answer these questions.

      Actually I don't disagree that an OpenCandy-powered recommendation is an ad. But OpenCandy isn't adware (http://en.wikipedia.org/wiki/Adware), adware is: a program that once installed shows ads on your desktop or in your browser or a whole slew of other crap we WOULD NEVER do. And we are certainly not spyware (http://en.wikipedia.org/wiki/spyware). We don't collect ANY personally identifiable information, and the NON-personally identifiable information we collect is very limited and not unique at all (see below).

      TCP Connections, Anonymity and Privacy

      Every website you visit knows your IP and the vast majority of them also log it. Yes, establishing a (legit) TCP connection means the return address is known (yes I'm way oversimplifying TCP :) ) –The only thing we do with an IP is figure out the country it originates from. We do NOT STORE ANY IPs in any shape or form.

      Our system is based on a smart plug-in / dumb server approach so WE DON'T NEED to collect all sorts of other information about a computer (or "person" if you will). The fact that someone uses Microsoft Windows Vista and their OS language is English and they're located in the United States is NOT UNIQUE information at all.

      Removing Our Dll / Blocking Internet Connectivity EDITED to add bold to this. :)

      If you remove the OpenCandy dll (OCSetupHlp.dll), OpenCandy CAN'T/DOESN'T provide any functionality during un-install (btw, I should mention that when you remove the dll yourself you may receive an error during un-install since the file is missing but if you click 'Ok' or 'Continue' the uninstall will complete successfully. See my PS for changes we're making regarding leaving files behind). The same goes for blocking an OpenCandy-powered installer from accessing the Internet during install, we obviously can't provide a recommendation or installer analytics in that case. The exact reason I provided that information was for people who either; don't want to see a recommendation or don’t want to help provide anonymous analytics to the publisher of the software they're installing, or that want to remove our dll.

      As far as forcing people to install third party applications, I'm not sure how a software recommendation you have to consciously choose to install could be considered forced upon anyone. Of course I'd never argue against the fact that concepts like GAIN or Cydoor DON'T work... they don't, I loath(ed) them and I've spent a considerable portion of my life cleaning up machines infected with that crap and other things.

      Copyleft nor Copyright Determines Legitimacy

      So if something is closed-source it's not legit? The reason why our platform isn’t open source is because part of it deals with money which means we have to deal with the potential of gaming/fraud. Legitimacy of a platform, product or service isn't determined by whether it’s copyleft or copyright.

      Closing Thoughts

      For some people, specifically those who have read my responses to questions in various places, yeah it can seem pretty repetitive (definitely not verbatim though). There's only so many ways for a person to answer the same question(s) and if a question is answered truthfully, then (IMHO) there's really only one (idk, maybe two) ways you can answer it.

      Like I always say, I'm happy to have these discussions. When people have questions we're/I'm happy to give answers. I hope this info is helpful.

      Thanks. :)

      Dr. Apps
      @drapps

      PS: Two other things I should mention:

      #1) Miro’s does not provide OpenCandy recommendations anymore as of version 2.0.5.

      #2) Now is as good a time as any to announce this. :) We are currently wrapping up the latest version of our Publisher’s Kit which changes the way our recommendation process works. Going forward our files (OpenCandy_Why_Is_This_Here.txt and our dll, OCSetupHlp.dll) will ONLY be TEMPORARILY copied to a folder within the publisher's program installation folder – IF – a recommendation is accepted. Once the recommendation (again, IF it was ACCEPTED) is downloaded and installed, the OpenCandy folder, dll and text file will be removed automatically.
    • Your " 'recommendation' is not advertising " claim is sophistry.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated

  • The presence of opencandy should have been disclosed up front, before any download or install.

    To date no disclosure has been done upfront.

    This is opencandy's mistake.
    As well as those who choose to include it in their product.

    Discovered and in the open by end users instead of opencandy or it's clients. And how to remove it.
    This is not good business practice.

    opencandy's file, transfers personal use information over the net.

    Perhaps a better review of what a privacy policy consists of would be in order.

    http://en.wikipedia.org/wiki/Privacy_...
    • Clay,

      We made a mistake with the way OpenCandy was disclosed with Miro, I said that two months ago. That's why Jesse put a disclosure on the Miro for Windows download page so that people knew it provided OpenCandy recommendations and analytics. As of version 2.0.5 Miro no longer provides OpenCandy recommendations anyway.

      "opencandy's file, transfers personal use information over the net."


      I'm not sure how much clearer I can say this: OpenCandy does NOT transfer or collect personally identifiable information (here's a good reference on PII http://en.wikipedia.org/wiki/Personal....

      As far as our privacy policy is concerned, it looks like being concise wasn't good enough. We're in the process of updating our PP to be more specific and eliminate ANY confusion people have as to the type of NON-personally identifiable information we collect.

      On the whole we've done a lot of things right. I have no qualms about admitting when we make mistakes. We listen to the community and when changes need to be made, we make them. We're always looking and listening for ways to do things better.

      Thanks. :)

      Dr. Apps
      @drapps
    • again @ DrApps

      Disclosure should be made EXPLICIT PRIOR to download. Give the users a choice of an "open"candy infected installation wrapper, and a virgin installation wrapper. THERE is where the informed consent is.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I didn't say-
    "personally identifiable information".
    I said personal information.
    Recording my personal address is not the issue.
    What I download and uninstall, is, that includes opencandy, in your own words.

    Other software has pop-ups in their own software, not all, but some, that will trigger a 'why, and how can we help make it better' web site or form. And that is a software I picked to download.

    But they don't have a separate software company bundled to report what I install or uninstall. Never asked for it and don't want it either.

    Their are download counters that keep track of how many downloads of any software. That should be enough info to determine it's usefulness. As well as blogs and forums posted by the software themselves or other sources of info.

    If you want me to let opencandy monitor or report to another software vendor, what I install or uninstall.
    Please ask first.
    And I'll decide if I want that software installed and that info monitored.

    You change words of others which changes the subject. Avoiding addressing the concern posted.
    • Clay, man, I'm a nice person, please give me the benefit of the doubt first. :) I didn't deliberately change your words or try to ignore your question -- I did misunderstand though. Sorry.

      Disclosure = Choice

      I think that's all related to proper disclosure... That way you have a choice about installing software from a publisher. You can also choose to download & install it and do what I do 99.9% of the time, block installers from accessing the Internet using a software firewall.

      There is always going to be some percentage of people (albeit a small one) who don't want to see OpenCandy recommendations or help the publishers of software they're installing by providing anonymous statistics.

      Thanks. :)

      Dr. Apps
      @drapps
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • To Dr Apps

    Ok our views as to what can be adware could differ so I'm not even gonna argue that. But when your plug-in is sending back ANY KIND of info off my machine that I do consider a form spying. For example the apps I have installed on my machine. That is only for me and the other users of my machine to know. NOT for some company of the internet.

    When I was referring to being forced into installing third party apps I WAS NOT referring to the recommended app but to the OpenCandy plug-in its self. Isn't it a kind of app considering its code being executed on my machine? Maybe it doesn't have any power without the host installer but nonetheless its still code I never consented into executing. Personally I don't like it when an app I choose to install comes bundled with stuff I never consented too.

    Also you said it yourself that when the installer is blocked from the internet OpenCandy wont work, so then what purpose does it serve? In other words what will be in it for you guys at OpenCandy and the developers say a lot of people blocked it? Next why cant the recommendations be HARD CODED into the installer without the need of the plug-in? Albeit they wont be as personally tailored but could be chosen at random from some internet server with a ONE WAY stream to the others machine. Therefore possibly eliminating the "spying" factor.

    I never meant that anything closed source was not legit. In fact I do use several closed source apps myself although I do prefer FOSS alternatives when given the choice. Im just saying that if OpenCandy released the source to there plug-in it might better convince the skeptics to OpenCandy's legitimacy.

    The Internet Unibomber

    PS
    1) You said that with the latest version the OpenCandy folder and its contents will be deleted after install of the app/apps (assuming the recommended one was chosen) . Will the regkeys and cookie also be removed?

    2) Say someone did install an app with OpenCandy and did choose the recommended app will the recommended app also include OpenCandy and if so were will it end?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Dr. Apps,

    Being a nice person or not is not the issue either, nor the rest of your post.

    Your percentage estimate is a guess at best.

    I'm talking about facts, you are not.

    And advising the use of a firewall?
    To block your own program?

    List the programs using opencandy.
    I dare you to be honest.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • here is opencandy's privacy policy-

    http://www.opencandy.com/privacy-policy/

    not acceptable to me
    but I'm not asked if I agree-
    Am I?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • here, I'll put up what is on the opencandy site

    BACKBLAZE
    BitTorrent
    doubleTwist
    Flock
    QFL STUDIO by Image L.ne
    MediaCoder
    Medialnfo
    TechSmith Tune'Up
    WinSCP
    ZumoDrive
    memeo
    kantaris mediaplayer

    what others are there?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • JED (Official Rep) August 10, 2009 19:47
    Open Candy is not included with the Miro 2.5 installer. I think this discussion is more relevant to an Open Candy forum.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I agree, Jed, but OC don't have an open forum.

    And thank you Miro for not using OC now.

    And I apologize for this discussion being on Miro's site.
    • We do have an "open forum" here on GetSatisfaction. Since the conversation has gone beyond OpenCandy in regard to Miro (and since Miro doesn't provide OpenCandy recommendations anymore), I'm going to see if the GetSatisfaction peeps can move the last post from "Internet Unibomber" and the previous 3 posts from Clay over there so I can answer their respective questions. Probably won't be tonight though.

      Thanks.

      Dr, Apps
      @drapps
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I don't want my posts moved.
    Start your own thread.
    I'm done with you and oc.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m pissed
    Open Candy is still around, unfortunately. I installed IEPro for IE7 and was promptly peddled whether I wanted to download that piece of garbage, IE8 or not. Of course I opted out and installed IEPro for IE7 and still would up with Open Candy on my machine.

    Dr. Apps, get a clue. It seems 98% of the responses you've gotten here are negative. If I want to opt in, then by all means, install Open Candy. If I opt out, I shouldn't have ANY traces of it on my computer, whatsoever.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Hey, just to be clear, Opt out means just that. Opt out. That means no trace.

    Why don't you just give the people what they want, which is No Candy.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m vexed
    Why opencandy model is UNaccpetable: admin rights necessary to install. I hadn't thought about it until phrased as such:

    http://sethwisely.wordpress.com/2010/...

    I don't want *that* kind of application running in an admin context EVER.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m PISSED & ANGRY @ Open Candy. This thing is spyware and should be STOPPED all its doing is killingF/OSS and making people loose trust in those developers.
    OpenCandy is BAD candy. NEVER accept candy from strangers!!!!! No exceptions. Also gotta love for something called open candy yet all there stuff is CLOSED SOURCE & CLOSED info too.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • This reply was removed on 2011-02-28.
    see the change log
  • I’m pissed off and hurt!!
    OpenCandy has changed NOTHING!! I do not even know how many registry errors I have because of them. The only way I found out about this at all was having my computer continuously crash *^%%$^$.

    I have RAM and virtual memory errors all over the place...your company declared it would release a clean copy that fixed the bug that www.opencandy.com had in their software.

    Thanks for nothing but problems...

    Pissed off and hurt that I put my trust in your product and at myself for giving your company the trust...my own stupidity...never again!!!
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated