good note and good practice!
But there also should be noted the following:
The type of tools like Comodo's Trusttoolbar is a new software cathegory. This cathegory can be marked up by some characteristics:
- The software gathers some local informations. (like the current weblink I try to connect to)
- This information will be evaluated "life" by requesting an external database outside of the
control radius of the user. Typically the gathered information will be sent to a webservice,
which will respond a qualified answer. (For example insert a ne CD in your computer. When
playing it winamp the shown playlist comes from the internet, because the prog has sent the
CD-ID to such a database. That database responded by sending the title list of this CD.)
Important is the fact, that automatically a foreign (from the sight of the user) database will
receive some private informations.
Unfortunatelly there are many tools out there, giving you a nice gimmick but installing also a background tool to gather valuable informations like personalized email addresses for spammers or phishing for your bank account details for an elecronic bank robbery or just getting a link to your real life identity and collecting more and more your user-behavour. That's the most valuable info out there in the internet. (count your daily spams and cathegorize the themes of the ad-banners displayed to you)
Having this sight one can understand that some spyware-guys might say: Software that do send out private informations without further notice might be spyware. So there is also a task to the programmers of such a (possibly very usefull) software, to
- exacty define which information will be sent
- make this veryfiable (by publishing the protocol / sending the infos in human readable form /
giving a monitor-window and/or logfile / etc. etc. ...)
- giving a simple (!) switch to the user to stop and start the service easily.
- showing up, which dependencies are between the programmers entity and the database-
providers entity. (is it a 3rd party DB or a DB of programmers company)
- giving the direct oporunity to see the privacy policies the database provider.
- and many other ideas to give real transparency to the final user.
Like this, an exculpation from the charge of spyware should be easy. Why not starting the global policy to send such informations over a dedicated standardized port (for example 8082) in standard XML format? I think, for a free software, giving this option giving this worldwide example would be a great step (with surely a great promo
Nevertheless I hope, these spyware-tool threatening Trusttoolbar will stay consistent and also threaten the phishing practise of Windows Vista's new "AntiPhishingService". The "Tree-Step-Trustaproovment" will always contact an external DB to check, wether a weblink is banned by the "phishing-site"-flag.
Or they have to stop it at all !!!
so long. Hope it helps...