Another COMODO EULA controversy

@Laser,

I wrote it all, no quotes from correspondence.

@ Big Mike, J2897,

I think that each product does have its own EULA, but they all refer to the overall single company policy regarding protecting users’ information and data.
There really need be just one.
Unfortunately, when reading all-encompassing legalese, we try to insert whatever our specific concern is into the apparently (to us) vague general legal Cover Your ■■■ wording and statements.
Which more unfortunately, for us once concerned about a specific issue, find it gives little solace in broad sweeping general “We’ve got you covered.” statements.

As I wrote earlier, I am in contact with the legal dept. and I am presenting all of these concerns.
Hoping to deliver some more clarity. And who knows what may come of it.

Honestly, if the privacy policy provided specificity for every conceivable situation, it would become a virtually unreadable, extremely long text that nobody, not even the lawyers could properly decipher.
Me Thinks…

Bad

Damn, you people make a big deal out of virtually nothing.

Depends on what "Files" do you mean.
Jeez people, what do you think it means. They only care about the system files such as svchost.exe

I’ve seen worse EULAs than this (think of banks, credit cards, bills). If you seriously think Comodo is going to go through your personal stuff, then I don’t know what to tell ya. Maybe you shouldn’t be on the internet and put a tinfoil hat on.

Even Google collects some personal information from the user and no one discards Chrome.

+1 Totally agree on that point raised, nicely done.

Nuff said :slight_smile: There is no privacy on the net. And never will be.

I do! I almost hate Google now!

Agree, but as long as it takes court orders and lawsuits it will at least be because “someone” did something that should not have been done probably…

What does make stealing a document from a server any different from stealing the same document from a fax machine inside a building? It’s still not your property… Just because it’s easier doesn’t make it right does it?

I think that’s different from the Googles etc. of this world, they can do as they like with all their “internal” statistics, they harvest all over the globe, and users are willing to give that all up because of some “free” email/docs/whatever they provide… without even reading the EULA

If everybody read them and took them seriously you would probably end up with a computer without any software on it, not even an OS…

Just when the product is “security” related it becomes an issue?

And I don’t think Comodo will collect your personal information and sell your identity.
For Security as a whole some information must be passed on.

In some cases it needs to submit details, what do you think happens if for example a cloud scanner is scanning your system… it has to match hashes with a central database and every hash is connectible to an application safe/unsafe black/white listed. So at least a HASH of an application is sent over the wire…

Coming with CIMA it needs to analyze the executable, and therefore it needs to submit it first to the Comodo Infrastructure to be able to analyze it… so there will also be some “file transmission”

But that is not done to spy on users, it’s done to make sure your system is safe from those criminals that DO spy on you without a EULA.

We need to be informed what data, where and when is transferred. Make a prompt. That’s all.

The Frog rules… O0

EVERY software has a EULA.
Every one.
How often do we try to read each of them?

It suddenly dawned on me that I made a special effort to read the EULA of Comodo,
because deep inside I did not trust Comodo. (Too much smoke without some fire.)

If you do trust Comodo, ignore the EULA.
If you do not, go elsewhere, as I have done.

Here’s one thing that could help you scan for keywords…

http://www.javacoolsoftware.com/eulalyzer.html

I think when a program becomes a world-known product it attracts too much attention to itself. And if the developer does not want to lose its prestige it has to make it around in spite of all the EULAs. There are too many programs being forgotten by being EUAD (End User Annoying D…). If a program is inspected by tons of smart and skilled people from inside and outside we surely can trust it more. I’m a kind of an esthete user who risks getting a PC flu because of the pretty look of an app (a nod in the direction of CIS 4 design which looks awful) but I still trust Comodo yet. I’m not talking about EULA, I’m talking about the elementary decency. Wouldn’t it mean they should tell us what kind of data is flowing off our PCs?

Exactly. We should know what kind of information is collected, and it is not only for the sake of all users but also for Comodo. The EULA should be clear and “clean”. Bad posted he is in contact with C. staff, and I hope soon we get a clear answer…

+1 I use that one too, along with the various other offerings like spywareblaster and doc scrubber.

Unless you plan on using offline updates for an anti-virus, how does one expect anti-virus to update if it can’t find the computer to date it??? Or even check to see if it’s up-to-date.

At least Comodo isn’t like NOD32, where it requires a username and password. (I’m not bashing NOD32)

That’s cause NOD32 is shareware and you need to pay for a legit username and pass (in theory)

eXp

I just scanned this and it went crazy! ;D

I will use it, before allowing any new programs I try, to communicate with the internet. Nice find! (I will probably have to remove a lot of “My Trusted Software Vendors” first though, or is that just for Defense+? I’ll just remove them anyway in case they exploit the Browser’s connection.)

I would love to see CIS’s EULA come up clean when scanned with this (that sure would be something to boast about, although I don’t suspect it would be possible to accomplish such a task).

My primary concern in the CIS EULA (I haven’t read it all yet), is the part in the OP (Original Post); which seems to grant Comodo the ‘right’ to take ANY and ALL data-files from a users PC silently (big files would obviously not be so silent), and hand them over to ANYONE affiliated with Comodo.

I doubt that Comodo really needs such a broad ‘right’, if all that the CIS Devs really need are ‘unknown executables’ (after the user has seen these and clicked ‘Send’), crash log reports, and maybe certain other more ‘specific’ files.

As new features are added to CIS, and if the CIS Devs or the Legal Dept. notice that the CIS EULA doesn’t cover those new features, that’s the time when I think that this ‘right’ should be used…

16. Amendments. Comodo may amend this Agreement and the Software and related services offered under the Agreement in its sole discretion without notice...

Sorry for the delay,
Here are the responses, to a couple of email inquiries.
My words are in blue, even where quoted back to me.

Hello Bad,

Thank you for your inquiry.

Comodo is committed to providing full disclosure and transparency of its best practices and policy.
We welcome input from you and forum members to improve the language in our EULAs and Privacy Policy.

Comodo’s EULAs track and follow our Privacy Policy. Users are clearly informed of the type of information collected and use of data. Personal information is never obtained by Comodo without a user’s consent.

Here is our entire policy for data collection as stated in the current CIS EULA:

1.1. Privacy Policy. Comodo shall follow the privacy policy posted on
its website at http://www.comodo.com/repository/privacy_agreement.html when
collecting and using information from you. Comodo may amend the privacy
policy at any time by posting the amended privacy policy on its website.

1.2. Disclosure. Comodo will disclose information where required by a
subpoena, interception order or other lawful process. Comodo may also
disclose information when it believes that such disclosure is necessary to
protect the rights or safety of others or to enforce, or protect Comodo’s
rights under this Agreement.

1.3. Opt Out. You may opt-out of having information used for purposes
not directly related to the Products by emailing a clear notice to
optout[at]comodo.com. By clicking “I AGREE”, you affirmatively consent to
receiving Comodo’s and its affiliates’ promotional material.

Please let me know what is unclear to you or others in the CIS EULA or the
Privacy Policy.

And the follow up…

With respect to your questions regarding the privacy policy, the answers will depend on the product or service. As you know, the Comodo brand involves many different products and services. The privacy policy applies to all products and services.

You have asked about the meaning of “information”, “data”, and “affiliate”. I assume you are referring to the following paragraph in the privacy policy:

Sharing

Comodo will share aggregated demographic and other information with our partners and affiliates. Information provided to Comodo will be protected by Comodo and not sold or rented to any unrelated third parties without the express consent of the information provider, except that Comodo may disclose data to its affiliates and business partners who have established similar privacy standards, when legally obligated to do so, or if disclosure is required to protect the rights over Comodo, Comodo’s customers, or the users of Comodo’s services. Comodo may also share aggregate demographic data that does not contain any personally identifiable information.

See below for more specific answers to your questions:
Precisely What? information/data is collected and When?

As stated in the privacy policy, Comodo only collects personal information after obtaining the consent of the customer. This information is asked for during the registration or use of the product. No personal information is collected when the user browses the website. For example, CIS asks for the user’s email address during activation. If provided, this information is gathered by Comodo and stored on our secure servers.

This information/data may be shared with our affiliates. Who?
The statement. “This privacy policy applies to each of the Comodo entities, but not to Comodo’s partners or affiliates, which may have separate privacy policies.”
Is cause for concern, as it is meaningless if we have no real grasp of Who? are these entities, and precisely What?
information has been collected.

Partners and affiliates are companies and entities with whom we have a contractual relationship where they assist Comodo in delivering its products and services. For example, Comodo CA offers digital products. In accordance with standard industry practices, Comodo uses registration authorities, that are not necessarily owned by Comodo, to assist in translating and performing the initial validation of each entity. This is done with the consent of the subscribing entity. Your question about what information is collected is too broad to answer considering the wide variety of products Comodo provides. As stated above, all personal information, regardless of the product, is only gathered after obtaining the user’s consent.

The conversation has now even spawned the question/concern about files submitted for analysis.
These could be sensitive, private, proprietary and now Comodo has a copy?
What is done with these files?

Are you talking about Comodo cloud scanner? If yes, then there is a user interface that specifically asks for user consent prior to uploading the files. Users should not upload personal files. In reality, these files are executable or code files and not personal files such as WORD documents. All files submitted to Comodo are retained by Comodo on secure servers.

And the last…

What information is taken from an/each individual, that is used to make up this aggregate demographic data?
For the Firewall - all the information shared by the user through threatcast is shared with other threatcast users. Same for the AV. Hopsurf shares all information submitted through HopSurf, such as rating and comment information. LPS users might provide information about what caused the computer error. This information is shared with the Comodo company that can best help the user with his problem. Please note, that ALL of this information is provided by the user with consent. Aggregate information collected is the IP addresses of users downloading the software. Remember, the privacy policy is written in a way to apply to ALL of Comodo's products, regardless of function. If the privacy policy is more specific, we would have to have one privacy policy per software package. I don't know of a single company that does that.

What “other” information?
Depends on the circumstances.

Who are Comodo’s Partners?
As indicated in the prior email, we have lots of Comodo partners. Webhosts are Comodo partners that receive information about the people they host (such as required scanning reports). Again, this sharing is with consent. For CIS we have some undisclosed partners and affiliates who provide support for the services. No company is an island, operating without providers.

Who are Comodo’s Affiliates?
We have lots. Comodo Security Solutions, Comodo CA, Comodo Group, Comodo Communications, etc. Each of these are different Comodo companies that provide various services to each other.

With all that, I’m done with this issue.
Hope some of this helps, someone.
Because I was OK with it all from the start.

If you have other concerns, feel free to email privacy@comodo.com

Bad

Thanks Bad Frogger. You’ve been a great help. :slight_smile:


Just my little input for now…

Comodo will share aggregated demographic and other information with our partners and affiliates. Information provided to Comodo will be protected by Comodo and not sold or rented to any unrelated third parties without the express consent of the information provider...
By clicking "I AGREE", you affirmatively consent to receiving Comodo's and its affiliates' promotional material.

I assume that, by clicking “I AGREE”, you are also affirmatively consenting to:

10.2. Comodo may gather information ... This information may include private data. Comodo may ... share this information with others.