Phoning home

Can anyone respond to this post at Wilder’s? Comodo Firewall Privacy Intrusion !? | Wilders Security Forums It’s a little disturbing. :stuck_out_tongue: Read from post #1

What’s the point? There is no evidence of any kind. Why on earth would someone, who knows what they are talking about, post that without the attached PCAP (evidence)?

Same posted Wilder’s URL… What do you think about this?

Edit: Read from post #1 x 2 :stuck_out_tongue:

Maybe it’s someone with a personal problem. :wink:

Given the tone & content of the 1st post… no evidence = FUD. Next! ;D

however, what about these https connections? >:(

Rich

Hello Rich, welcome to the forums.

Yes, I saw that. You’ve not seen a web site using Google stat gathering before? Personally, I block all the Google stat stuff without a second thought. But, maybe that’s just me. However, please don’t trust me, check it out for yourself… investigate… stick a Packet Sniffer on it and use the MK 1 Eye Ball to verify your (or somebody else’s, in this case) suspicions.

So, what about those HTTPS connections? >:(

Thank you Kail for your prompt response and details.
I am a total firewall/PC newbie so I will leave the investigation to experts…

Have a nice day,
Rich

its google analytics. thats how we analyse our websites/forums to see which pages are working which are not etc. basic web design stuff that google makes available for free to everyone.

Just go to any other website that has google analytics and see what it does! you will find that its very much like ours. There simply is no link between our products and google analytics. for clarification FUD is not that we don’t have HTTPS thanks to google analytics but other FUD that others are trying to spread by starting threads that spreads FUD. (STEM: yours is not FUD, yours is a factual statement :slight_smile: )

Melih

Agnitum.com, makers of Outpost firewall, uses Google Analytics as well. But they reveal that information in their privacy policy:

"Cookies

Agnitum websites use Google Analytics, a web analytics service provided by Google, Inc. (”Google”). Google Analytics uses cookies to help us to analyse how users use Agnitum sites. The information generated by the cookie about your use of our sites (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our sites, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of Agnitum sites. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. "

http://www.agnitum.com/privacy_policy.php

If IP addresses of people who visit Comodo (which of course would include users of Comodo products) are stored on Google web sites then it would be appropriate to reveal such information in the Comodo Privacy Policy. If IP addresses are not sent to Google then it is probably no big deal. At least that is my two cents worth.

fair input acr. thanks for that, i will pass it to relevant guys as suggestion to see what they think.

however, this is about our websites and people were complaining that the product makes some secret call in an attempt to get sensitive user info so that we sell that information (which is all baloney). And now some people are complaining about our registration process cos when people register we send that information to our own servers :slight_smile: It gets funnier by the day…the only phoning home I am doing now is, to let my wife know that I am coming home :slight_smile: This is hilarious! :slight_smile:

Melih

You mean I have to phone my wife each time I use a Comodo product???!!! That wasn’t in the EULA!!!

Ewen :slight_smile:

Thanks for the reply Melih. Maybe that would be another reason to put the Google Analytics info in the Privacy Policy? Maybe even explain the connections? That way you could squash such rumors before they get blown way out of proportion.

To be clear on the FUD label. Evidence does not, and should not, need to be framed within the context of a question… it merely “is” what it “is”. In this case, specifically, it should enable others the replicate & verify whatever the evidence is meant to be highlighting/demonstrating. Failing this basic criteria does nothing more than to promote uncertainty & doubt about a product that does not warrant such attention. Thus FUD (Fear Uncertainty & Doubt).

Just to further clarify about the HTTPS connections:

As Melih has said, one is for Google Analytics.
From the post ‘Stem’ made on Wilders, it can be seen that there are a couple of other HTTPS connections made while browsing the forum.
If he’d checked it further to view the source of the page, it can be plainly seen that there are several objects (Trustlogo, the RSS feed-to-forum-news script, couple of images for the http/https switcher) that are called over HTTPS.
They were added to stop the ‘secure/non-secure objects’ warning in IE for those users who wish to browse or login over HTTPS.

What is funny is that the start of that topic on that forum is the guy from kukuland makes the following unfounded statements

“The reporting functions are especially objectionable because they were actively kept secret”

without showing a single shred of evidence. but then again, i haven’t seen any rules for people from kukuland that they have to show any evidence to any claims they make, have you? :slight_smile:

then he makes the following statement:

These functions to be unacceptable violations of consumer privacy

erm, which violations done by who and aren’t we so lucky that we have you to point them out :slight_smile:
Again, in kukuland this is totally acceptable statement as we all know you don’t need any proof or evidence!

then our friend from kukuland continues with the following statement:

Transmissions of data were actually hiden, which suggests an intention to conceal a wrongdoing

This is the funniest, as how hidden could it be if our friend from kukuland can figure it out :slight_smile: And the word is encrypted not hidden but then again, creating sensationalism is an acceptable behaviour of the citizens of kukuland. Again has anyone seen any rule that says otherwise? i thought so :slight_smile:

of course by this time, this guy from kukuland is gunning for presidency with the way he is going as he builds his amazing case against Comodo with the following statement

Why Comodo should not be considered to have broken this law.

errrmm… ■■■■ good question, could it be because you failed miserably in trying to establish even the smallest kind of evidence and instead you are squirting FUD :)… but then again, as we have been learning about the Citizens of Kukuland, i haven’t seen anyone in kukuland requiring a rule that they need evidence to come to the above judgement, have you? :slight_smile:

then the chap from kukuland goes to make a public announcement for the citizens of kukuland :slight_smile:
he says:

To consumers recommending they discontinue using and to uninstall all Comodo products

hmm… Citizens of kukuland listen to your future president! This guy certainly deserves the title for Presidency of Kukuland cos he certainly have the flare for talking bollocks :slight_smile: and spreading FUD…

so why am I wasting my time writing all this? : I just couldn’t resist this as it was too funny :slight_smile:

BTW: look at how the post started and how its going now, it started with the FUD being squirted by the President of the Kukuland, and now everyone is talking about Google Analytics … hmm…

Melih

twl845, if you feel uneasy about comodo using google-analytics.com , you can block using mvps.org host files along with edexter(tiny http server,local) this is info only, not a recomendation.

Hi Darth, Thanks for the tip, but I’m not really concerned about Google analytics. If I wanted to be concerned, I would be concerned that Google keeps our surfing habits in a database for 2 years, if we use Google as our search engine. If they want to track me, it’ll be like watching paint dry.
The reason I made the post was to make the forum aware that Comodo was being bashed. ;D

For such as a “logo” or a possible connection to a feed, I would not expect to see so much outbound traffic for this,… certainly when I have no “feed” client. I am not here to argue, but to find full/correct info.

Comment:- I still say a security forum should not be redirecting to a 3rd party logging site, I know full logging is made on site (if not, then it is a security risk), but to divert and to allow Google to collect this data (referrers/history/etc. etc) should not (IMHO) be allowed. I can understand this on a site where a need to know the best route for product sales,… but a support/security forum, sorry, I cannot understand this need, and certainly do not like this.

Regards,

Stem

First of all, thank you for posting here and welcome to our forums. We do understand your views which are very clear and we have taken them on board and evaluating them. The issue of our forum using Google Analytics or not will be discussed with the relevant people and we’ll see if they want to change it or not. As you might be aware, there is no data, like referrer/history etc that is not already available to a local weblog analyser. Google is merely a web based version that is comparable to any other decent weblog analysers. for example, we also use sawmill as our weblog analysers and i have personally compared the data between the two, sawmill (a local weblog analyser) and google analytics and the data did not differ in great detail. the referrers were there and other information. I do sense that you don’t care for google analytics too much :). However, it did make our life easy as it connected our online spending for our other businesses with the traffic that comes to our website.

Anyway, please feel free to ask us any questions you might have.

Melih

Thanks for that twl845.

I guess this is a good test of any forum: To see how long people spreading FUD will be accomodated without any proof. As they say: Tell me who your friends are and I will tell you who you are… these kinds of FUD against anyone would certainly be not tolerated in our forums… but then again, we know why: Quality mods, quality users :wink: (:KWL)

LONG LIVE “MOD SQUAD”!!!

Melih