Spread the Word | Create Account | My Account  
digsby
Location: Forum Home » Technical Support » Plura Processing? Verifying for firewall exceptions
 

Plura Processing? Verifying for firewall exceptions

#21 2008-12-05 22:14:11
Re: Plura Processing? Verifying for firewall exceptions
kviri
Member
Offline

 

steve wrote:

@Pikarya: Agreed. We are testing this right now and if we keep it, info will definitely be added to the TOS or FAQ.

No offense, Steve, but that's really not sufficient.

Devs, this turned into an exceedingly long post, but please read the whole thing.  There's been a lot of vitriol spewed in this (and the other related) thread, and a lot of personal attacks and heat-of-the-moment responses.  I'm making a sincere effort to keep my comments civil, here, and provide useful feedback.  This is an important issue to a lot of your users, and by the end of this post, I hope you'll understand why.

Ok.  So...

If you're going to utilize the user's resources, and spawn processes that cannot be immediately identified by the user (especially if you're going to do this by default) then you need to be proactive about letting your users know about it.  Don't just put it in an FAQ or TOS document that a long-time user, who knows the application's functionality well, is highly unlikely to ever look.  Don't just post a notice on your forum, which you know full well that the majority of your casual users won't read -- and that even people who visit the forums fairly often, like me, could go weeks without noticing.  Provide a message, in a place where it cannot possibly be missed, when the upgrade takes place, preferably with a hyperlink to a detailed explanation of what it's for and what it does.

I'm perfectly willing to believe that this was a well-intentioned PR mistake.  But please, don't fool yourself into thinking that just by having this discussion on the forum, you've rectified the mistake.

To look at it from another perspective...

I'm a software developer.  I work for a consulting firm, and for the months of October and November, I was working on-site in the office of the client for whom we're developing, and using Digsby to keep in touch with co-workers both in and out of the office.  The client in question is a financial services company, who does business with and provides web solutions for the banking industry.  Their network, partly due to government regulations and partly due to the supreme data-paranoia of the banks in question, is locked down within an inch of its life.  Exceptions are made only where technically necessary.

If their IT people's security tools had detected this process, been unable to identify it, and flagged it as "suspicious" activity, I'd have been put in an extremely uncomfortable situation.  In the end, the Plura process probably would have been deemed innocuous -- but if questioned about it, I would have had no idea what it was, how it worked, or even how to turn it off.

(Side suggestion.  At minimum, add an ellipsis to the "Help > Support Digsby" menu item -- without it, it looks like a checkmark item, like "View > Always on Top", not like something that opens a dialog box.  Preferably, do away with it entirely and make "Support Digsby" another left-sidebar item in the "Preferences..." screen, because that's where I and apparently others first looked for it.)

Now, keep in mind -- we're a consulting group, performing our first development gig for a potentially major long-term client.  Giving the impression that I don't know (or care) what software I'm running on my machine while in their office would not go very far towards making a good first impression.  The fact that the process could eventually be proven harmless would not have mattered.  (I'd also have had to defend myself to my manager, who would have just finished smoothing over the situation with the client.)

I'm honestly not exaggerating, here.  This could have been a Big Problem for me.  And if I'd known about the Plura process up front, I could have avoided it completely.

And now, to finish with a less personal point...

I don't believe that you were trying to seed my machine with spyware, or consciously hiding the "off" switch (to quote Douglas Adams) "in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'."  But this is how thousand-post threads with titles like "DIGSBY STEALS YOUR DATA" get started on the likes of Slashdot -- through poor communication and defensive followup comments by staff which (while I completely understand the desire to respond angrily to users making perceived attacks against your integrity in the heat of the moment, oh, yes, do I ever) really should have been self-censored until the poster cooled down a bit.  It also leaves a bad taste in the mouths of users who probably would have kept the Research option enabled, but now won't be positively inclined towards doing so.

Digsby is a new product with a heck of a lot of promise.  If you play your cards right, you could be a major player in the IM-client market for a very long time.  But you can't afford these sorts of PR missteps, and you need to demonstrate to your users -- promptly -- in response to situations like this that you'll listen to and address their concerns about security and openness.  Because the alternative is a trashing of your own reputation on the net at large that will take years to shed.

Thanks for making it all the way to the end of this.  I'd welcome any further discussion, either here or privately in email (my email address is in my profile).


Last edited by kviri (2008-12-05 22:20:07)


#22 2008-12-06 01:45:42
Re: Plura Processing? Verifying for firewall exceptions
artfuldodga
Super Power User
Offline

 

something like plura processing needs to be made clear, not hidden at all during the install process. where a user is required to either agree to install this research gathering software, if a user does not agree... then digsby installs, minus any trace of this feature.



#23 2008-12-07 17:30:46
Re: Plura Processing? Verifying for firewall exceptions
Maverick2k
New member
Offline

 

I'm using Digsby for a long time, lately even as an alpha tester and I fully agree with the points kviri lined out above.

From my point of view it is an absolute NO-GO to implement such a "feature" into the program (even if it is included for testing purposes only) without telling the user before what exactly the Plura project does and giving him the clear choice to participate or not. I dedicate a lot of my CPU time to distributed computing projects via the BOINC client but I do this for project _I_ want to support and I definitely want to have control over it. An instant messenger should do instant messaging related functions and nothing else. The first thing I did when I got aware of this "feature" from a blog post here in Germany was to turn it off but still I'm quite annoyed that it is even there. People complained already about the excessive use of advertising in the new installer (which I never saw with my existing auto-updated installation and I didn't care much about as you can turn it off during setup) but after this people now even start turning away from Digsby and look for alternatives. Is this what you intended? I don't think so... Screaming back at the users complaining about it does not make things better. :-/

regards,
Maverick2k

(this post is not meant to be a personal attack!)


Last edited by Maverick2k (2008-12-07 17:33:21)


#24 2008-12-13 23:23:29
Re: Plura Processing? Verifying for firewall exceptions
WasADigsbyFan
New member
Offline

 

I strongly disagree!  You apparently installed software on MY COMPUTER, NOT yours, MY property that I did NOT give you permission to install.  In some jurisdictions I would suspect would be a violation of law and you may end up on spyware lists for the behavior and in all jurisdictions consider impolite behavior.

I had such high hopes for Digsby...another application that moves to the hall of shame.  Here's a thought...if money is needed may you might ask for payment for services?

steve wrote:

I don't think adding a new feature is a serious breach of trust but I do agree that more should be done from a PR standpoint to explain it so users know what they are getting, can discuss it, and know how to opt out.  The reason this hasn't been done is because we are alpha testing the functionality and didn't want to start a massive discussion over something that we weren't sure would remain a permanent part of Digsby.



#25 2008-12-13 23:35:48
Re: Plura Processing? Verifying for firewall exceptions
karinagw
New member
Offline

 

Steve -
I'm not quite sure that you're repeated statement about not telling people because it is an alpha test is not one of the most frightening things I have read and really causes me a lot of concern.

Not only are you installing, without permission or notification, background software (and, no, it is not like Seti@Home...I actively sought out and installed that software) but you are installing software in ALPHA phase which means, pretty much by definition, that it is potentially hinky and not completed vetted..in other words something that can break and potentially (because you do not know what we are running on our computers) cause a domino effect with possibly disastrous results.

Why would you think that hiding this information from your users is any kind of good?  How can you not think this is a breach of trust?  It truly appalls me at the level of naivete displayed by the rationale that you keep bringing out as a rebuttal to the situation.

Y'all have a good product, but you might want to contemplate bringing on a lawyer and/or ethicist into your development team.



#26 2008-12-14 09:17:36
Re: Plura Processing? Verifying for firewall exceptions
buckethead
New member
Offline

 

I disable the research option under support Digsby; however, on every update it is re enable.  This is rather frustrating.  I understand that you need to earn a buck or two, but once disabled it should not re enable itself - all other settings stay why change this one?



#27 2008-12-14 09:35:50
Re: Plura Processing? Verifying for firewall exceptions
chris
Digsby Developer
Offline

 

buckethead wrote:

I disable the research option under support Digsby; however, on every update it is re enable.  This is rather frustrating.  I understand that you need to earn a buck or two, but once disabled it should not re enable itself - all other settings stay why change this one?

The setting for this is stored the same as all the others, it shouldn't switch back.  If this is happening, I'd guess that it happens to you every restart, not just on updates, with the cause being a problem with saving your preferences to the server.  In that case, I wouldn't expect you to be able to persist any other settings changes.  Most preferences auto-sync every 5 minutes, but to force a check, after hitting "disable", so that the button turns into "enable", go into the preferences window (Tools -> Preferences), and then click the "Done" button.  This should force a sync.  If you continue to experience problems, submit a bug report.

The only way I could see a sync failing is that you both lose the network connection and never reconnect sometime after you log in, and that you're unable to cache the sync data.  This is unlikely.

If you continue to experience problems, submit a bug report, and it's probably not the only problem you're having.




closed topic w/ link == punBB doesn't have merge.
#28 2009-03-14 15:30:32
Re: Plura Processing? Verifying for firewall exceptions
Jacobp
Power User
Offline

 

Problem here is we're running a code by an undisclosed company.



#29 2009-05-30 22:20:33
Re: Plura Processing? Verifying for firewall exceptions
MrC
New member
Offline

 

Here's the problem I have with this.  I have a small umpc with Digsby installed.  Lately the computer is very unstable (it runs very hot when I'm not using it).  I believe your use of Plura Processing has caused this.

It took me 3 hours of searching the computer and the internet to come across this thread.  I bill my time at $100 and hour.  Plus the cost of a replacement computer (if the instability persists) is over $2000.

I understand the need to find a revenue stream, but you are costing your clients money because it makes their computers run hot and break, plus the electricity costs.  Not to mention the invasion of privacy by running unauthorized code.

--MrC


Last edited by MrC (2009-05-30 22:21:58)


#30 2009-06-01 11:05:44
Re: Plura Processing? Verifying for firewall exceptions
steve
Digsby Developer
Offline

 

@MrC: Plura has actually not been running any projects for over a month so I don't think the two are related.



#31 2009-08-14 13:39:59
Re: Plura Processing? Verifying for firewall exceptions
halmc
New member
Offline

 

steve wrote:

I don't think adding a new feature is a serious breach of trust but I do agree that more should be done from a PR standpoint to explain it so users know what they are getting, can discuss it, and know how to opt out.  The reason this hasn't been done is because we are alpha testing the functionality and didn't want to start a massive discussion over something that we weren't sure would remain a permanent part of Digsby.

The point is that you're adding a feature that should by all rights be opt-in, not opt-out.  You should be testing the opt-in choice alongside the function itself as part of your beta. Documenting the use of users' computing power in a FAQ or TOS is insufficient, you should gain explicit permission to do so. To do otherwise is going to quickly alienate your user base.



#32 2009-08-14 19:34:22
Re: Plura Processing? Verifying for firewall exceptions
Exuser
New member
Offline

 

Wow, so not only were you all aware of this issue, and had several complaints before the firestorm set off yesterday, you've completely failed to act across several updates. Wow, I really gave you guys too much credit (and trust, apparently).  Next time, just ask us plainly before sneaking it in the back door.



Pages: 1 2 

Board footer


Copyright © 2007-2009 dotSyntax, LLC.   All Rights Reserved