Skip To Navigation

EffectiveBrand Update

Disclaimer: if you haven't been following the EffectiveBrand spyware/notspyware thing, this probably won't interest you.

Timeline

Since my last post on the subject:

  1. (April 1) EffectiveBrand updated their code so it no longer loads remote JavaScript. Good first step...
  2. (April 18) I looked into who was approving the toolbars. It was mostly one person, and that person is somehow related to EffectiveBrand. That user's editor status was removed.
  3. (April 18) I looked at the toolbar in more detail and recorded what exactly it sends when it phones home.
  4. (April 20) EffectiveBrand makes some changes to their privacy policies. See below.
  5. (April 20) Hannibal makes a list of the EffectiveBrand toolbars on AMO. Almost 30 overall.
  6. (April 21) They're gone.
  7. (April 21) An EffectiveBrand member posts on their forum that this is all "a bit of misunderstanding from Mozilla side". Judge for yourself.

Privacy Policy Changes

A few points before I start:

  • These changes, in my opinion, make the policies on EffectiveBrand's websites closer to the truth. I can't say whether the updated pages are entirely true, but I'll try to present the information, and let you decide whether they're telling the truth and/or being misleading.
  • What these pages say or do not say has no real relevance to addons.mozilla.org, as a user installing an extension from there has no opportunity to read and agree to them.
  • This is a "unified diff", badly formatted into HTML. If you haven't seen one before, all you need to know is that "+" indicates an addition, and "-" indicates a removal.

- DOES NOT spy on your browsing habits. URLs of pages you visit are sometimes sent to our server, but only to allow generation of relevant categories. The information is then promptly erased. To ensure your anonymity, there is no unique ID that can distinguish one user from another.

+ DOES NOT spy on your browsing habits.

This bit was edited to remove the false "no unique ID" claim, but in the process the bit about sending addresses of some pages visited (which is still true) was removed.

- DOES NOT cause software malfunctions. We have been meticulously checked for bugs, and are constantly improved with user feedback.

- DOES NOT slow down your connection. Our toolbar exchanges only a few bits with the server each time you visit a website - not nearly enough to effect your connection speed.

- DOES NOT download anything on its own.

All removed. That last one was definitely false, but I don't know about the other two. Either they're assuming that's obvious and doesn't need to be in the policy, or it does cause software malfunctions after all.

- DOES NOT block uninstall... The uninstall leaves nothing behind.

+ DOES NOT block uninstallation...

(Irrelevant bit removed) Isn't it great when you can just change the policy when somebody points out you're not following it? Even better if you think nobody noticed you changing it, right?

I never did try to claim that $5000. Maybe I should have, but I know I can't now. It's easy to stop being spyware when you're controlling the definition.

+ DOES NOT and will not sell or rent your email address and other personal information.

Nobody was claiming it did that, though I suppose it's good to have it explicitly specified.

-Our Toolbar does NOT spy after the user and does not transfer any personally identifiable information such as a name, an E-mail address, or a unique ID, ensuring complete anonymity for users. URLs and search queries are NOT stored and are not transmitted to any third party.

+Our toolbar does NOT spy after the user and does not transfer any personally identifiable information such as a name or an E-mail address, ensuring complete anonymity for users. URLs and search queries are NOT stored and are not transmitted to any third party.

(Emphasis mine) Yep, the unique ID lie is gone here as well. They go on to explain:

+Our toolbar statistics are completely anonymous and do not contain any personal identification. We don't match individual users with their specific Web or toolbar usage and don't share the specifics with anybody. A user id is used solely for the purpose of offering toolbar publishers with reliable status of their active toolbar users (how many people are using a certain toolbar). This user id is not transmitted during any other use of the toolbar.

Cookies are your friend. No, really. When the one request that does contain the user ID is sent, the response contains a session cookie. And that cookie can be used to link together the rest of a user's activity. That last sentence is perfectly true, but meaningless.

...

Is EffectiveBrand misleading users? Probably. Was it right to get them removed from addons.mozilla.org? Yes, I think so. Will they ever get accepted in the future? Maybe. If they listen to Shaver, they have a chance, but if not, they're probably doomed...

So. Here endeth the (ridiculously long) post. I just really wanted to get this data/information/knowledge up somewhere. I'd like to know: What do you think? Am I being paranoid? Untrusting? Pessimistic? Or, am I being too nice? Should I have used the E-word? I'm interested.

⇐11 May 2006 - ChatZilla/XULRunner progress / 21 Apr 2006 - Normal returning...⇒

Feedback

Salam Boss,
hi im Umair frm PAkistan,KArachi i hav my own toolbar but past few days mY toolbar download page url is not working CorrEctly n i hav 2 Download my toolbar coz i just have re-install mY WIndOWs plzzz HElp mE wht i do for this??? / Comment from Umair on 10 May 2006 at 01:01.

Feedback is closed. Feel free to contact me privately.

tH