flashfxp drm/spywares?

[Read Only Memory]

Hi, I would like to know what DRM and/or spywares you're using in flashfxp to enforce license or monetize flashfxp.

I have been more and more worried about privacy matters lately and right now flashfxp is the last closed source software I use with internet access enabled. I recently uninstalled steam after seeing it was collecting private data on a regular basis.

I would like to know exactly what data you collect, whether you believe it's legitimate or not, and what use is made of that data.

Thank you.

[bigstar]

FlashFXP does not contain DRM or spyware.

Installer version check
When installing the FlashFXP software the installer will perform a version check to insure the latest version is being installed. The installer connects to our servers and the following information is transmitted: Product version number.

Special offers and product discount Service
The shareware version of FlashFXP will connect to our server on startup to provide the user special offers and product discounts. The following information is transmitted: Product version, unique user id, current day of evaluation, product integrity hash.

Automated Update Service
The registered version of FlashFXP will periodically connect to our server and check if any new versions are available and allows for a convenient method to update the FlashFXP Software. The following information is transmitted: Product version, unique user id, license key id, product integrity hash.

Crash-Reporting Feature
FlashFXP has a crash-reporting tool that sends a report to our server when FlashFXP crashes. I use the information in the crash reports to diagnose and correct problems in FlashFXP. This feature sends a variety of non-personal information to our server; including the stack trace (a detailed description of which parts of the FlashFXP code were active at the time of the crash), the type of computer you are using, and a list of active processes. Crash reports are deleted after I've reviewed them.

I do not share any information collected with 3rd parties or anyone else.

Furthermore I am the only person with access to this information.

[Read Only Memory]

Thanks for the prompt reply.

About 1) 2) and 3)
Do you also collect IP addresses?

About 4)
Just the list of processes alone, I consider this as sensible data, is there a way to disable these automated reports? I understand your intent is to improve your service but people should be able to choose whether to contribute or not on their own free will.

No matter how legitimate you may think it is, or whether your intent is good or bad, I consider it a very serious abuse when a software which can't be blocked in firewall is taking advantage of it to send data without my consent.

[MxxCon]

Quote:

Originally Posted by Read Only Memory

About 1) 2) and 3)
Do you also collect IP addresses?

Your IP is visible purely by the fact that you connect to the internet. There's absolutely nothing private about knowing somebody's IP address. I know that you connect from <edited> VPN service, so what, big freakin deal. There's nothing private or sensitive about it.
Take off our tin foil hat.

Quote:

Originally Posted by Read Only Memory

About 4)
Just the list of processes alone, I consider this as sensible data, is there a way to disable these automated reports? I understand your intent is to improve your service but people should be able to choose whether to contribute or not on their own free will.

Bigstar NEVER said that those reports are automatically submitted.
Whenever FlashFXP crashes you are presented with a window ASKING YOU to review the data and submit that crash report.

Quote:

Originally Posted by Read Only Memory

No matter how legitimate you may think it is, or whether your intent is good or bad, I consider it a very serious abuse when a software which can't be blocked in firewall is taking advantage of it to send data without my consent.

Quit with your high and mighty privacy tirade!
If you are so security conscious and paranoid, why don't you control WHERE FlashFXP can connect to?! All OS have ACLs where you specify where each process can go.
As a matter of fact, why don't you run a network sniffer and see what exactly FlashFXP is doing?

Quote:

Originally Posted by Read Only Memory

flashfxp is the last closed source software I use with internet access enabled.

Let me guess, you personally review source code of every single open source piece of software that you run?!
Let me guess, you personally compile every single piece of open source software that you use?
Let me guess, you use only FIPS-compliant versions of crypto modules in every software that you compile?
Let me guess, you have access to Microsoft's source code of Windows to make sure there are no spyware modules in there?

FlashFXP didn't exist for 15+ years to abuse users' privacy.
Take off your tin foil hat and worry about stuff that really does matter, not if FlashFXP can see that when it crashed your computer had 4gigs of ram.

[Read Only Memory]

OK I have no need for a software from people who give publicly infos about my ISP. I'm finished with flashfxp, it was a mistake all along.

[bigstar]

Quote:

Originally Posted by Read Only Memory

Thanks for the prompt reply.

About 1) 2) and 3)
Do you also collect IP addresses?

The remote IP address is not stored with the information we collect. We do not gain anything by storing the machine IP address so we don't.

Our webserver and firewall software does however keep access logs for security purposes, these logs contain all IP addresses that connect to our server. These logs are automatically rotated every 24 hours and we do not keep archives of rotated logs.

Quote:

Originally Posted by Read Only Memory

About 4)
Just the list of processes alone, I consider this as sensible data, is there a way to disable these automated reports? I understand your intent is to improve your service but people should be able to choose whether to contribute or not on their own free will.

No matter how legitimate you may think it is, or whether your intent is good or bad, I consider it a very serious abuse when a software which can't be blocked in firewall is taking advantage of it to send data without my consent.

When troubleshooting crash reports its critical to know what other processes are running on the computer, without this information we would not have been able to resolve several major compatibility conflicts with 3rd party software and FlashFXP. The most serious case was a software called DigitalPersona (a fingerprint identity verification software) and without the process list we would not of been able to determine that all of the customers experiencing this fatal crash/corruption had the same software running on their computers.

There is no way to prevent FlashFXP from sending this information when a crash occurs. However if it is absolutely critical that this information never be sent you can add our server host (bugreports.flashfxp.com) to your firewall block list.

Quote:

OK I have no need for a software from people who give publicly infos about my ISP. I'm finished with flashfxp, it was a mistake all along.

I am sorry you feel that way. Asking questions on a open access public support forums where there is an associated and inherited lack of privacy just might not be the best place to ask these types of questions if you want to remain 100% anonymous. Perhaps a better choice might of been to contact us directly using the contact us link and avoid publicity all together.

[MGhell]

Oh my, there are some really rare birds around......lol

[sw33t]

@bigstar:
It's a quite long thread, but i've read it anyway. What i got from it is this:
-the fella is an idiot who knows nothing about security or networking..
-bigstar you are really patient . I admire that..

[Read Only Memory]

Keep laughing good Sirs, I won't blame you since I was once as retarded as you, until I realized using closed source webware was the second most stupid thing one could do after distributing the keys of his house to all strangers around the world. The young lamb isn't afraid of the old tiger, proverb, even after seeing the careless attitude of that MxxCon lad publishing info which is supposed to be private, even after the author admitted that flashfxp is sending infos automatically without your approval. When you will understand your mistake it will be already too late, but I have better things to do that trying to educate fools. As for me I have changed all my ftp passwords and moved to open source better and more secure open source software. My history with closed source spywares stuffed webwares is definitely over.

[bigstar]

I believe everyone has a right to their opinion but this thread has gotten way out of hand.

I would like to highlight a couple points before I close this topic.

• Our Website Privacy Policy http://www.flashfxp.com/privacy
• In this reply I provided information taken directly from Section 11.00 of the FlashFXP EULA.

Read Only Memory, I would love to hear your thoughts on my previous reply, you can contact me via the contact us link.