I must admit to only having come across the term 'OpenCandy' quite recently, after discovering this relatively new advertising medium was bundled with some software I was researching.
It seems OpenCandy is proliferating quite rapidly with more and more software developers bundling it with their products. So, I have been spending some time researching this issue. The OpenCandy platform utilises controversial techniques which has caused some heated debate across forums and blogs. Many are saying OpenCandy is adware or spyware while others say it is merely a legitimate instrument for advertising.
When you install a program that comes bundled with OpenCandy; during the installation process OpenCandy will surreptitiously scan the host computer and then make software recommendations based on the findings. The user will then be given the choice of installing the additional software [or not] via an opt-in/opt-out system. Hopefully most [distributors] will stick with the preferred opt-in selection process rather than the very much sneakier opt-out option.
Here are a few points to bear in mind:
*The recommendations OpenCandy makes are largely based on the products already installed on your computer. OpenCandy gathers this information by covertly scanning the computer without asking for nor gaining your permission.
*If you agree to install any of the software recommended by OpenCandy: not only will that software then be downloaded and installed but OpenCandy itself will also be permanently installed on the computer.
*Even if you choose not to install any of the additional software recommended by OpenCandy, your computer will still be secretly scanned and that information sent to the OpenCandy people.
The defenders of this system, including the makers of OpenCandy, make the following observations [claims]:
*Many programs from known reputable companies scan the computer during the installation process to check for older versions and to confirm the existence of mandatory components, etc.
*If you choose not to accept any of OpenCandy's recommendations, then no 'extras' are permanently installed on the computer.
*OpenCandy states that any data sent back to them is simply general information of the type normally collected by a website whenever you visit, and contains no personal details.
There are indeed 'two sides to the story'. On the face of it, OpenCandy seems harmless enough but there are certainly some serious reservations:
*Will [i:1kyjp5cg]all[/i:1kyjp5cg] software distributors who utilise OpenCandy make [i:1kyjp5cg]full[/i:1kyjp5cg] disclosure; on their home page, as part of the download details, in the EULA.
*If an opt-out system is employed for the OpenCandy software recommendations; how many people are going to inadvertently install unwanted extras on their machines.
*There is currently little or no evidence that suggests OpenCandy is spyware BUT the potential is certainly there.
Consider this; As the use of OpenCandy expands and it is installed on more and more computers, how tempting would it be for the owners to utilise that massive data base more aggressively.
What do I think: I believe OpenCandy, as it now stands, is relatively harmless adware; on the proviso that the software distributors who bundle it with their products stick to a regimen of full disclosure and employ an opt-out system. However, the potential for abuse is somewhat disturbing and I would like to see some more concrete assurances/guarantees in place.
What do you think?
Jim, you have radar. I was composing my post at Security Corner this morning and then I found yours here, so I gave you some credit and a link to DCT.
I agree, for now, it looks benign. Here's my post: http://itknowledgeexchange.techtarget.c ... s-spyware/
Hey Ken - Yes the timing [i:2rrwjln6]is [/i:2rrwjln6]ironic.
Until around 4 weeks ago I knew very little about OpenCandy, then I came across it bundled in a freeware on a download site I have connections with. The owner of the site and I had some discussions over whether it would be prudent [or not] to continue supporting freeware bundled with OpenCandy. He knew as little about it as I did so I decided to do some research, I wanted to know what implications there might be for the end user.
Sorry if I stole your thunder mate.
P.S. I couldn't get the link in your article ("Daves Computer Tips") to work mate? Maybe it's just a Firefox thing?
I hope it's ok to post a couple of links to other sites/ forums.
There's also been quite some talk about it over at [url=http://www.techsupportalert.com/content/controversial-advertising-program-now-being-embedded-more-software.htm:2h1ydvta]gizmo's freeware[/url:2h1ydvta], where Dr. Apps (the "Software Community Guru for OpenCandy") stepped in to offer some explanation (quite a lengthy post).
Interestingly, over at the [url=http://www.donationcoder.com/forum/index.php?topic=18297.msg243954#msg243954:2h1ydvta]DonationCoder Forum[/url:2h1ydvta] they've been arguing about it since 2009 (Dr Apps posted there as well); the thread is a good read and 17 pages long, with the last 10 of them initiated earlier this year (link goes to page 14, where some interesing excerpts from OpenCandy's FAQs on what data is collected are posted). Here's also mentioned that behind OpenCandy are the same people responsible for the spyware in DivX.
The points members "kartal", "app103" and "40hz" make about the way OpenCandy goes about doing what it does find me in agreement.
If you still want to install an app that comes with OpenCandy, [url=http://winscp.net/eng/docs/opencandy:2h1ydvta]WinSCP[/url:2h1ydvta] tells how to avoid it - I suppose that parameter works with all installers bundled with OpenCandy and hopefully OpenCandy gets zero info about you and your machine.
And [url=http://cranialsoup.blogspot.com/2009/05/opencandy-new-kind-of-adwarespyware.html:2h1ydvta]here's[/url:2h1ydvta] a (bit outdated) list of known apps that come with OpenCandy (it's "app103" blog).
Again, hope all the links are ok.
I am human
Hey FD - Posting the links is okay, just so long as none of them lead to sites rated badly by the leading site advisory services. I double checked yours and the are all fine.
I was very interested to read the explanation from the OpenCandy representative, I thought the response was well thought out and included a lot of common sense.
I find it somewhat ironic that so many users accept Google, Chrome, cookies, Microsoft and a myriad of applications that collect information and 'phone home' as part of the norm, yet condemn similar practices by OpenCandy.
If OpenCandy is demanding full disclosure from all their partners then I can't really see what the issue is. The prospective end user has choices; they can avoid software bundled with OC and look elsewhere or they can install software bundled with OC and reject the recommendations.....seems pretty straight forward to me. I would also add, from what I have seen, a lot of software distributors utilising OC are offering a choice of downloads; either with OC bundled or without any bundling.
In many cases keeping Freeware free is of some import, particularly the good [popular] Freeware. If something like OpenCandy helps developers maintain that free status then I believe it is, overall, doing more good than harm for end users.
Overall, I think all the publicity will benefit OpenCandy rather than hurt it. A lot of what has been written has been based on speculation and misconception, getting it all out in the open is probably going to be the best thing for OC in the long run.
Cheers....Jim
1 Guest(s)