LDSToolbar.com
-
- New Member
- Posts: 3
- Joined: Wed Jan 23, 2008 8:33 pm
This toolbar is spyware.
I downloaded the massive Firefox extension (450 K, are you kidding me?) and after viewing the size I wondered what caused the bloat. I found it soon enough. The code points to conduit.com (a free toolbar builder). Conduit.com claims to protect your privacy but then asks questions like "do you mind if we track usage statistics". Now, to clarify, this is another way to say "can we eat your cookies and stuff you with more". The toolbar constantly communicates with Conduit regardless of how you answer the usage statistics question, which in my opinion is a direct violation of their privacy agreement, but hey, nothing is really free. It knows and tracks every site you visit. This can be easily proven by visiting another conduit.com enabled site and seeing how the toolbar reacts with it.
Here is the silver bullet though. This extension taps an ActiveX control and exposes your computer to previously patched vulnerabilities:
pref("general.useragent.vendorComment", "ax");
pref("security.xpconnect.activex.global.hosting_flags", 9);
pref("security.classID.allowByDefault", false);
/* Windows Media Player */
pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
which ... and I quote:
"turns absolutely everything on and makes everything scriptable—even those ActiveX controls flagged as "do not script me"—set these preferences:"
Hmmmm nasty.
I like the idea of the toolbar, but it would be nice if you had coded it yourself and could hang your hat on the security. If you are offering a Firefox extension then it should pass the Firefox extension approval process and be sanctioned by Mozilla. IE users are probably brimming with spyware already and won't notice yet another key logging, cookie stuffing, site watching application.
Thanks
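A defensive check for the preference lines quoted in the post above, added here as an example (it is not code from the toolbar, Conduit or Mozilla): it parses the text of an extension's default-preferences file and reports the ActiveX-related settings. The function names, the finding labels and the choice to treat any non-zero hosting_flags value as "hosting enabled" are assumptions of this example; the sample input is built from the lines in the post plus two constructed lines.

```python
import re

# String literals are matched first so that "//" inside a URL value is not taken for a comment.
TOKEN_RE = re.compile(r'("(?:[^"\\\n]|\\.)*")|/\*.*?\*/|//[^\n]*', re.S)
PREF_RE = re.compile(r'\b(?:user_)?pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|-?\d+|true|false)\s*\)\s*;')
CLASSID_RE = re.compile(r'^capability\.policy\.([^.]+)\.ClassID\.CID([0-9A-Fa-f-]{36})$')

# Sample input: the pref lines quoted in the post, plus two constructed lines at the end.
SAMPLE = '''
pref("general.useragent.vendorComment", "ax");
pref("security.xpconnect.activex.global.hosting_flags", 9);
pref("security.classID.allowByDefault", false);
/* Windows Media Player */
pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
// pref("capability.policy.default.ClassID.CID00000000-0000-0000-0000-000000000000", "AllAccess");
pref("example.update.url", "http://updates.example/check"); // constructed line
'''

def strip_comments(text):
    # Replace comments with a space; keep string literals (group 1) untouched.
    return TOKEN_RE.sub(lambda m: m.group(1) or " ", text)

def parse_prefs(text):
    """Return {pref name: value} for every active pref()/user_pref() call."""
    prefs = {}
    for name, raw in PREF_RE.findall(strip_comments(text)):
        if raw.startswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw)
        prefs[name] = value
    return prefs

def audit(text):
    """Return (kind, value, scope) tuples for ActiveX-related prefs worth reviewing."""
    findings = []
    for name, value in parse_prefs(text).items():
        m = CLASSID_RE.match(name)
        if m and value == "AllAccess":
            findings.append(("classid-allaccess", m.group(2).upper(), m.group(1)))
        elif name == "security.xpconnect.activex.global.hosting_flags" and value != 0:
            findings.append(("activex-hosting", value, "global"))  # assumption: non-zero = enabled
        elif name == "security.classID.allowByDefault" and value is True:
            findings.append(("classid-allow-by-default", True, "global"))
    return findings
```

Running `audit()` over each preferences file unpacked from an extension package gives a short list to review before installing it; the commented-out line in the sample is ignored.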
-
- New Member
- Posts: 24
- Joined: Tue Apr 17, 2007 6:59 am
- Location: Doncaster, United Kingdom
This is not true.
Yes Conduit tracks statistics but it is limited to the following
Number of new installs
Number of active users
Number of Clicks on the toolbar (Not which sites actually have been clicked)
Number of searches (Not what has been searched)
If you opt out then nothing like this will be recorded. If you visit a website that uses visitor tracking they will be able to record a lot more information than this.
If this is spyware how come companies like
WWF, Greenpeace, MBL, Opodo, TechCrunch, Discovery Networks, Lufthansa, ASPCA
use this same company to create toolbars? I do not think that those companies can afford to create and distribute spyware infested toolbars.
So if you read the message above and are concerned about your privacy read this privacy statement.
http://www.conduit.com/privacy/ConduitPrivacy.aspx
There is no spying going on
-
- New Member
- Posts: 24
- Joined: Tue Apr 17, 2007 6:59 am
- Location: Doncaster, United Kingdom
I have done a little bit more research.
There are multiple reasons why there is traffic between the conduit network and the toolbar.
1. The icons are stored on their server and when they need to be displayed, i.e. you open the LDS Websites menu, the toolbar requests those images.
2. The toolbar is auto-updating so that you always have an up-to-date toolbar. BTW, auto-updating does not mean auto-installing other software. It will only check for the latest version of the software at specific intervals.
Stephan
-
- New Member
- Posts: 24
- Joined: Tue Apr 17, 2007 6:59 am
- Location: Doncaster, United Kingdom
In addition to that Conduit.com is certified by TRUSTe
http://www.truste.org/ivalidate.php?url ... sealid=101
If you really think that they have broken their privacy statement contact truste and they will investigate.
-
- New Member
- Posts: 2
- Joined: Sun Nov 04, 2007 10:54 pm
-
- New Member
- Posts: 24
- Joined: Tue Apr 17, 2007 6:59 am
- Location: Doncaster, United Kingdom
It does not concern me.
Do you use Google or Yahoo? Well they probably gather more information than the conduit toolbar.
Do you check on websites where advertisement comes from? If no, companies like doubleclick are gathering a huge amount of data.
On the other side I find it interesting that both posts (#11 and #15) have come from someone that has just newly registered. Makes me wonder if it may come from the same person?
-
- New Member
- Posts: 2
- Joined: Sun Nov 04, 2007 10:54 pm
Interesting assumption. (The answer is no, I am not the same person as Marine.)
However, in response to your wonderings:
1) I actually fear the power of Google. I recognize that they have great tools, and are a source of some pretty good things, but I fear that they have a long reach, and they keep so much data, and have the capabilities of tracking so much data, it's simply unnerving.
2) I make it a practice to never click on paid advertisements. I ignore them at all costs.
In addition, BTW, I really think that you have a great idea. Building a toolbar for people of the LDS faith, free of charge, and you aren't even out to make a buck. It's definitely an effort worth pursuing. Although, I had thought at first from your first posts, that you yourself had actually built it...
Let me ask you: aren't you even a little concerned with the security risks posed by the toolbar as discussed by Marine? (I know I would be.)
- mkmurray
- Senior Member
- Posts: 3266
- Joined: Tue Jan 23, 2007 9:56 pm
- Location: Utah
- Contact:
Cyclospe wrote: Still, this information is wont to make one very nervous, and unless you actually built the Toolbar yourself, it's hard to fully trust (or even know) all the things that are going on under the hood.
He might trust it if he built it himself, but that doesn't mean that I automatically trust a product from some unknown individual. I would have more trust in a product produced by a larger entity (that I trusted) than just some individual. I admit though that what's up for debate is Conduit's trustworthiness. But my initial point is that basing his code on someone else's code or some company's code does not automatically degrade the trustworthiness.
-
- New Member
- Posts: 3
- Joined: Wed Jan 23, 2008 8:33 pm
The real issue is Conduit's use of an ActiveX hack which then exposes the user to potential viruses, spyware etc. Perhaps Conduit has no malicious intent but as most things go this can be explained by ignorance. The Windows Media Player hack is another issue with potential risks as well. Another thing I noticed is that the initial install prompts the user to switch default search to a sponsored Google account.
I personally think it is wrong to make money off an LDS toolbar being promoted by a subdomain of lds.org.
I could go on and on. This does not ring true.
- mkmurray
- Senior Member
- Posts: 3266
- Joined: Tue Jan 23, 2007 9:56 pm
- Location: Utah
- Contact:
Stephan wrote: On the other side I find it interesting that both posts ( #11 and #15 ) have come from someone that has just newly registered. Makes me wonder if it may come from the same person ?
Actually, Cyclospe is not newly registered at all. He/she registered nearly 3 months ago. In fact, this user had been registered over a month before you even posted this thread.
Just because Cyclospe had no posts prior to his thread, does not mean the user is newly registered.