Skip To Navigation

April 2006

EffectiveBrand Update

Disclaimer: if you haven't been following the EffectiveBrand spyware/notspyware thing, this probably won't interest you.


Since my last post on the subject:

  1. (April 1) EffectiveBrand updated their code so it no longer loads remote JavaScript. Good first step...
  2. (April 18) I looked into who was approving the toolbars. It was mostly one person, and that person is somehow related to EffectiveBrand. That user's editor status was removed.
  3. (April 18) I looked at the toolbar in more detail and recorded what exactly it sends when it phones home.
  4. (April 20) EffectiveBrand makes some changes to their privacy policies. See below.
  5. (April 20) Hannibal makes a list of the EffectiveBrand toolbars on AMO. Almost 30 overall.
  6. (April 21) They're gone.
  7. (April 21) An EffectiveBrand member posts on their forum that this is all "a bit of misunderstanding from Mozilla side". Judge for yourself.

Privacy Policy Changes

A few points before I start:

  • These changes, in my opinion, make the policies on EffectiveBrand's websites closer to the truth. I can't say whether the updated pages are entirely true, but I'll try to present the information, and let you decide whether they're telling the truth and/or being misleading.
  • What these pages say or do not say has no real relevance to, as a user installing an extension from there has no opportunity to read and agree to them.
  • This is a "unified diff", badly formatted into HTML. If you haven't seen one before, all you need to know is that "+" indicates an addition, and "-" indicates a removal.

- DOES NOT spy on your browsing habits. URLs of pages you visit are sometimes sent to our server, but only to allow generation of relevant categories. The information is then promptly erased. To ensure your anonymity, there is no unique ID that can distinguish one user from another.

+ DOES NOT spy on your browsing habits.

This bit was edited to remove the false "no unique ID" claim, but in the process the bit about sending addresses of some pages visited (which is still true) was removed.

- DOES NOT cause software malfunctions. We have been meticulously checked for bugs, and are constantly improved with user feedback.

- DOES NOT slow down your connection. Our toolbar exchanges only a few bits with the server each time you visit a website - not nearly enough to effect your connection speed.

- DOES NOT download anything on its own.

All removed. That last one was definitely false, but I don't know about the other two. Either they're assuming that's obvious and doesn't need to be in the policy, or it does cause software malfunctions after all.

- DOES NOT block uninstall... The uninstall leaves nothing behind.

+ DOES NOT block uninstallation...

(Irrelevant bit removed) Isn't it great when you can just change the policy when somebody points out you're not following it? Even better if you think nobody noticed you changing it, right?

I never did try to claim that $5000. Maybe I should have, but I know I can't now. It's easy to stop being spyware when you're controlling the definition.

+ DOES NOT and will not sell or rent your email address and other personal information.

Nobody was claiming it did that, though I suppose it's good to have it explicitly specified.

-Our Toolbar does NOT spy after the user and does not transfer any personally identifiable information such as a name, an E-mail address, or a unique ID, ensuring complete anonymity for users. URLs and search queries are NOT stored and are not transmitted to any third party.

+Our toolbar does NOT spy after the user and does not transfer any personally identifiable information such as a name or an E-mail address, ensuring complete anonymity for users. URLs and search queries are NOT stored and are not transmitted to any third party.

(Emphasis mine) Yep, the unique ID lie is gone here as well. They go on to explain:

+Our toolbar statistics are completely anonymous and do not contain any personal identification. We don't match individual users with their specific Web or toolbar usage and don't share the specifics with anybody. A user id is used solely for the purpose of offering toolbar publishers with reliable status of their active toolbar users (how many people are using a certain toolbar). This user id is not transmitted during any other use of the toolbar.

Cookies are your friend. No, really. When the one request that does contain the user ID is sent, the response contains a session cookie. And that cookie can be used to link together the rest of a user's activity. That last sentence is perfectly true, but meaningless.


Is EffectiveBrand misleading users? Probably. Was it right to get them removed from Yes, I think so. Will they ever get accepted in the future? Maybe. If they listen to Shaver, they have a chance, but if not, they're probably doomed...

So. Here endeth the (ridiculously long) post. I just really wanted to get this data/information/knowledge up somewhere. I'd like to know: What do you think? Am I being paranoid? Untrusting? Pessimistic? Or, am I being too nice? Should I have used the E-word? I'm interested.

Normal returning...

I got a haircut. Fantastic.

Seriously though, I think it's growing back slightly darker, though I'm not entirely sure.

Annoying bugs

It may look like a cat did it...

Thunderbird popped up an empty dialog, with no title, just OK and Cancel buttons.

...but somehow, it was me. I was trying to press Space, but might have slipped and press B or N. I'm trying, but it just won't happen again. :(

Numbcast mirror

I've uploaded the Numbcast archive in case anyone needs it. Suggestions welcome, especially on how I can make the page make sense to people.

The naked <body>

Bandwagon of the day: CSS Naked Day. Basically, a few hundred sites are going without CSS for a day and the visitors get to see if they're still remotely usable. Two things:

  • My logo is still an <img>. It used to have the word "rdmsoft" in it, which made it content, but if I can be bothered I'll try to find a way of getting the image there (and keeping it clickable) without extra markup. Most likely I'll leave it as it is - it works.
  • My tabs script (as used on updates) adds links that do nothing. Whilst "CSS off, JS on" is most likely an edge case of edge cases, I'm open to suggestions...

Great minds?

Note: the whole site was pink at the time this was posted. As was Slashdot.

Hmm, looks like Slashdot had the same idea as me, and they probably executed it better. Except for the font. I win on the font. The end.

Meh, I suppose I don't even have to bother writing up a sarcastic explanation now, I can just point to theirs and be done.

Other things I was planning on posting about but didn't bother writing up properly include Options Options, a critical Firefox 2 feature included at last minute to avoid losing half the browser's market share to Opera. It looks like this:

It's a dialog with a variety of unnecessary options. The first tab 'Global', one of 7, allows users to set the tabs of the options dialog to appear at the top, left, bottom, right, or centre of the dialog. Users can also pick which tab is shown when the dialog is opened, whether they are prompted for confirmation when it closes, and which menus the options menu item appears on. Finally, the dialog includes an 'Options Options Options...' button.

Good morning.