LDSToolbar.com

Do you have a useful link that involves the Church and the technology discussed on this site? Post your links and resources here.
marine-p40
New Member
Posts: 3
Joined: Wed Jan 23, 2008 8:33 pm

Postby marine-p40 » Wed Jan 23, 2008 9:30 pm

This toolbar is spyware.

I downloaded the massive firefox extension (450 K are you kidding me) and after viewing the size I wondered what caused the bloat. I found it soon enough. The code points to conduit.com (a free toolbar builder). Conduit.com claims to protect your privacy but then asks questions like "do you mind if we track usage statistics". Now to clarify this is another way to say can we eat your cookies and stuff you with more. The toolbar constantly communicates with conduit regardless of how you answer the usage statistics question which in my opinion is a direct violation of their privacy agreement but hey nothing is really free. It knows and tracks every site you visit. This can be easily proven by visiting another conduit.com enabled site and see how the toolbar reacts with it.

Here is the silver bullet though. This extension taps an active x control and exposes your computer to previously patched vulnerabilities

pref("general.useragent.vendorComment", "ax");
pref("security.xpconnect.activex.global.hosting_flags", 9);
pref("security.classID.allowByDefault", false);
/* Windows Media Player */
pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");

which ... and i quote

[size=-1]"turns absolutely everything on and makes everything scriptable—even those ActiveX controls flagged as "do not script me"—set these preferences:"[/size]

Hmmmm nasty.

I like the idea of the toolbar but It would be nice if you had coded it yourself and could hang your hat on the security. If you are offering a firefox extension then it should pass the firefox extension approval process and be sanctioned by mozilla. IE users are probably brimming with spyware already and won't notice yet another key logging, cookie stuffing, site watching application.

Thanks

Stephan-p40
New Member
Posts: 24
Joined: Tue Apr 17, 2007 5:59 am
Location: Doncaster, United Kingdom

Postby Stephan-p40 » Thu Jan 24, 2008 2:17 am

This is not true.

Yes Conduit tracks statistics but it is limited to the following

Number of new installs
Number of active users
Number of Clicks on the toolbar (Not which sites actually have been clicked)
Number of searches (Not what has been searched)

If you opt out then nothing like this will be recorded. If you visit a website that uses visitor tracking they will be able to record a lot more information than this.

If this is spyware how come companies like

WWF, Greenpeace, MBL, Opodo, TechCrunch, Discovery Networks, Lufthansa, ASPCA

use this same company to create toolbars? I do not think that those companies can afford to create and distribute spyware infested toolbars.

So if you read the message above and are concerned about your privacy read this privacy statement.

http://www.conduit.com/privacy/ConduitPrivacy.aspx

There is no spying going on

Stephan-p40
New Member
Posts: 24
Joined: Tue Apr 17, 2007 5:59 am
Location: Doncaster, United Kingdom

Postby Stephan-p40 » Thu Jan 24, 2008 4:07 am

I have done a little bit more research.

There are multiple reasons why there is traffic between the conduit network and the toolbar.

1. The icons are stored on their server and when the need to be displayed ie you open the LDS Websites menu the toolbar requests those images.

2. The toolbar is auto updating so that you always have an uptodate toolbar. BTW autoupdating does not mean auto installing other software. It will only check for the latest version of the software in specific intervalls.

Stephan

Stephan-p40
New Member
Posts: 24
Joined: Tue Apr 17, 2007 5:59 am
Location: Doncaster, United Kingdom

Postby Stephan-p40 » Thu Jan 24, 2008 6:04 am

In addition to that Conduit.com is certified by TRUSTe

http://www.truste.org/ivalidate.php?url ... sealid=101

If you really think that they have broken their privacy statement contact truste and they will investigate.

Cyclospe-p40
New Member
Posts: 2
Joined: Sun Nov 04, 2007 10:54 pm

Postby Cyclospe-p40 » Thu Jan 24, 2008 12:27 pm

Still, this information is wont to make one very nervous, and unless you actually built the Toolbar yourself, it's hard to fully trust (or even know) all the things that are going on under the hood.

Stephan-p40
New Member
Posts: 24
Joined: Tue Apr 17, 2007 5:59 am
Location: Doncaster, United Kingdom

Postby Stephan-p40 » Thu Jan 24, 2008 12:50 pm

It does not concern me.

Do you use Google or Yahoo? Well they probably gather more information than the conduit toolbar.

Do you check on websites where advertisement comes from ? If no companies like doubleclick are gathering a huge amount of data.

On the other side I find it interesting that both posts ( #11 and #15 ) have come from someone that has just newly registered. Makes me wonder if it may come from the same person ?

Cyclospe-p40
New Member
Posts: 2
Joined: Sun Nov 04, 2007 10:54 pm

Postby Cyclospe-p40 » Thu Jan 24, 2008 1:29 pm

Interesting assumption. (The answer is no, I am not the same person as Marine.)

However, in response to your wonderings:

1) I actually fear the power of Google. I recognize that they have great tools, and are a source of some pretty good things, but I fear that they have a long reach, and they keep so much data, and have the capabilities of tracking so much data, it's simply unnerving.

2) I make it a practice to never click on paid advertisements. I ignore them at all costs.

In addition, BTW, I really think that you have a great idea. Building a toolbar for people of the LDS faith, free of charge, and you aren't even out to make a buck. It's definitely an effort worth pursuing. Although, I had thought at first from your first posts, that you yourself had actually built it...

Let me ask you: aren't you even a little concerned with the security risks posed by the toolbar as discussed by Marine? (I know I would be.)

User avatar
mkmurray
Senior Member
Posts: 3241
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

Postby mkmurray » Thu Jan 24, 2008 2:27 pm

Cyclospe wrote:Still, this information is wont to make one very nervous, and unless you actually built the Toolbar yourself, it's hard to fully trust (or even know) all the things that are going on under the hood.
He might trust it if he built it himself, but that doesn't mean that I automatically trust a product from some unknown individual. I would have more trust in a product produced by a larger entity (that I trusted) than just some individual. I admit though that what's up for debate is Conduit's trustworthiness. But my initial point is that basing his code on someone else's code or some company's code does not automatically degrade the trustworthiness.

marine-p40
New Member
Posts: 3
Joined: Wed Jan 23, 2008 8:33 pm

Postby marine-p40 » Thu Jan 24, 2008 2:41 pm

The real issue is conduit's use of an activex hack which then exposes the user to potential viruses, spyware etc. Perhaps conduit has no malicious intent but as most things go this can be explained by ignorance. The windows media player hack is another issue with potential risks as well. Another thing I noticed is that the initial install prompts the user to switch default search to a sponsored google account.

I personally think it is wrong to make money off an lds toolbar being promoted by a subdomain of lds.org.

I could go on and on. This does not ring true.

User avatar
mkmurray
Senior Member
Posts: 3241
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

Postby mkmurray » Thu Jan 24, 2008 2:41 pm

Stephan wrote:On the other side I find it interesting that both posts ( #11 and #15 ) have come from someone that has just newly registered. Makes me wonder if it may come from the same person ?
Actually, Cyclospe is not newly registered at all. He/she registered nearly 3 months ago. In fact, this user had been registered over a month before you even posted this thread.

Just because Cyclospe had no posts prior to his thread, does not mean the user is newly registered.


Return to “Links & Resources”

Who is online

Users browsing this forum: No registered users and 1 guest