Re: Surreptitious reporting...

Subject: Re: Surreptitious reporting...
From: David Neeley <dbneeley -at- gmail -dot- com>
To: sharon -at- anthrobytes -dot- com
Date: Fri, 25 Sep 2009 19:56:32 +0300

Sharon,

Correct me if I am wrong, but--

You stated the product collects information without the user's
knowledge or consent, and using a "server" sends it to the vendor.

Not from a website the user voluntarily visits, but from his or her
desktop. Without consent, without an opt-out (presumably).

How is this like a website the user voluntarily visits?

The user PAYS FOR THE SOFTWARE and expects it to be as advertised--not
other than, more than, or different than advertised. If the reporting
is not disclosed and is not consensual, where is the parallel?

Unless there is something different than what you have stated in this
thread, I'm sorry--but it is clearly wrong and a dangerous precedent.

Were I running a doc shop, I simply would not have software I could
not trust which may represent a security hole.

Were I responsible for creating documentation that would collect
information from my customer's computers without their knowledge and
consent, I would definitely not want the potential public relations
damage and the word of mouth that might get out about it. In such
case, if I was the one who employed that software and the customers
became angry about it once they discovered it, I would probably lose
my job over it also.

What I fail to understand is why you so casually dismiss the concerns
of so many on this list regarding this. The point is not what
information is gathered. It is not why it is gathered. Instead, it is
that *ANY* information is gathered and sent off premises without the
knowledge and consent of the customer.

This is a total disaster waiting to happen once software becomes
widely known to be doing such a thing, especially with today's
increasing awareness of security issues.

And it would all be so easy to fix--simply disclose it and make the
behavior completely optional--possibly with some documentation of just
what information is collected and why. In that case--with full
disclosure--you will suddenly move from being considered sneaky and
potentially dangerous to someone who is actually seeking to make the
product better on behalf of the customers.

Yes, it might be a little bit of a sales job. No, it should not be an
insurmountable obstacle.

What is so hard about that? And why would you object to openness and
full disclosure to the customer who is, after all, paying the bills?

David

On Fri, Sep 25, 2009 at 18:21, Sharon Burton <sharon -at- anthrobytes -dot- com> wrote:
> OK, let's all calm down a bit. This is a massive over-reaction. Let's take a
> deep breath. Now we're throwing claims around that MadCap is breaking the
> law and we should all demand a refund of all MadCap products and complain to
> the FTC. And claiming that those at MadCap should be ashamed of themselves
> for pushing the product.
>
> Sigh.
>
> No one is collecting *personal* information of any sort in Feedback. None.
> Not a drop. No information other than any basic web server you visit is
> being collected. Not a drop more.
>
> *Nothing* is installed on your computer, *nothing* is being "sent".
>
> You are all aware that every time you visit the most vanilla website, basic
> information is collected. No personal information is collected when you
> visit information about your visit is tracked. There is nothing illegal
> about that, as far as I know. But IP address, search keywords that got you
> there, pages visited, page that exited the website, and so on are all
> tracked by servers for all websites. Not a drop of personal information is
> tracked.
>
> Here's a thought - if you find this to be the worst thing ever, stop
> visiting web pages on the 'Net. Because every single website you visit is
> collecting this sort of basic non-personal information. It really is.
>
> If you choose, you as a user can opt in to the Web 2.0 features of Feedback
> and post comments in the Flare help, for example. You don't have to do this
> if you don't want to. Nothing bad happens to you if you chose to not do
> this.
>
> But I want to repeat to the list again: Not a single drop of personal
> information is collected about you. Not a drop more information is tracked
> than the basic reporting of all web pages you visit in the world.
>
> (God, where is Mike when I need him...)
>
>
> sharon
>
> Sharon Burton
> MadCap Software Product Consultant
> Managing your content, one topic at a time
> www.anthrobytes.com
> 951-369-8590
> IM: sharonvburton -at- yahoo -dot- com
> Twitter: sharonburton
>
>
> -----Original Message-----
> From: techwr-l-bounces+sharon=anthrobytes -dot- com -at- lists -dot- techwr-l -dot- com
> [mailto:techwr-l-bounces+sharon=anthrobytes -dot- com -at- lists -dot- techwr-l -dot- com] On
> Behalf Of David Neeley
> Sent: Friday, September 25, 2009 6:33 AM
> To: TECHWR-L
> Subject: Surreptitious reporting...
>
> I'm afraid I must side with the majority on this one. With all the
> security problems out there, if ANY application was trying to collect
> any data without my express knowledge and permission, I would wonder
> what else it might be collecting despite the protestations of the
> vendor.
>
> While my firewall would catch it, the vendor would also catch my
> demand for a refund and, quite possibly, a lawsuit and more probably
> an FTC complaint.
>
> Personally, I want to know and agree any time an application wants to
> send data anywhere. Companies like Microsoft love this sort of thing,
> yet their track record for security is abysmal--to take just one
> example. Their "security center" complains about a "possible security
> issue" every time I boot into Windows simply because I will not enable
> automatic updates--yet they themselves are a major source of problems
> with gaping security holes like Active X, to give just one example.
>
> If you work with a large organization, ask your IT security folks what
> they think about a piece of software that is set to send data about
> use to the vendor without the knowledge or assent of the company. I
> suspect you have better than even chances they will be adverse to the
> idea.
>
> Even if the intent of the software was benign, it is so outrageous on
> its face (from the customer's perspective) that I would seriously
> question the judgment of the company and its product managers who has
> pushed this.
>
> I cannot see any reason at all why it should not be totally voluntary
> on an opt-in basis after being fully disclosed to the customer.
>
> MadCap's part of all this lies in enabling it in any way that may not
> require such advance disclosure and permission.
>
> However, remember it isn't MadCap's liability so much as it is any
> company's who produces online help using this tool and sells it into
> the marketplace.
>
> David
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Free Software Documentation Project Web Cast: Covers developing Table of
Contents, Context IDs, and Index, as well as Doc-To-Help
2009 tips, tricks, and best practices.
http://www.doctohelp.com/SuperPages/Webcasts/

Help & Manual 5: The complete help authoring tool for individual
authors and teams. Professional power, intuitive interface. Write
once, publish to 8 formats. Multi-user authoring and version control! http://www.helpandmanual.com/

---
You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40web.techwr-l.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/ for more resources and info.

Please move off-topic discussions to the Chat list, at:
http://lists.techwr-l.com/mailman/listinfo/techwr-l-chat


Follow-Ups:

References:
Surreptitious reporting...: From: David Neeley
RE: Surreptitious reporting...: From: Sharon Burton

Previous by Author: Surreptitious reporting...
Next by Author: An apology; was: Re: Surreptitious reporting...
Previous by Thread: RE: Surreptitious reporting...
Next by Thread: RE: Surreptitious reporting...


What this post helpful? Share it with friends and colleagues:


Sponsored Ads