What user data does Comodo collect?

Does it say anywhere in the Terms of Service or Privacy Policy if CIS or CFW collects user data?

If so what data is being collected?

Recently, with using Panda Cloud AV free, I came to know about an option there to monitor processes as well as monitor the URLs accessed by each process. After using it for a little while I realized that my entire browsing history is stored and possibly sent back to Panda servers. Currently still waiting to hear back from them about this since I could not find any thing about this in their TOS or PP.

Does CIS/CFW also do this?

Let’s say if Website Filtering is turned on, is a log of the sites that are allowed and visited as well as a log of the sites that are blocked sent back to Comodo servers?

What about logs of the entire firewall, all things that are blocked or all things that are allowed. Is this also sent to Comodo?

If not where does it say so explicitly that this is NOT happening?

Interesting topic, TechnoSoul.

Would be nice if it were possible for Comodo to make an official statement regarding this very aspect, something similar to Emsisoft’s statement maybe?

I really would like to know how CIS compares to other well known security software out there.

(As direct linking is not allowed, please check out the pdf link to the comparison mentioned in Emsisoft’s blog linked above, if interested).

Kind regards, REBOL

http://www.comodo.com/repository/privacy-policy.php

[...] Questions about this privacy policy may be submitted by an email to privacy[at]comodo.com. This privacy policy applies to each of the Comodo entities, but not to Comodo's partners or affiliates, which may have separate privacy policies. [...]

Thanks qmarius, I already knew that link in fact, yet I’d prefer Comodo to DISclose exactly which kind of data is being collected by CIS and to what exactly, in detail, the mentioning of certain “third parties” privacy handling does refer “in realiter”. I don’t think Comodo’s privacy police is concrete enough at this very moment. Unsatisfying, to say the least. Sorry to have to say so.
I really think such things are necessary (sad to have to insist on that) in our times, especially regarding the frequently invoked term “trust”, that is.

Please let me (indirectly) quote Emsisoft here (with some small “emendations” done by me since their “English” blog version isn’t totally free of translation errors).

"No doubt that "internet privacy" as such has become more of a memory nowadays. So what can you do as a normal user to at least enhance your privacy when going online? Well, there is actually a lot you can do. But the most important thing is to start being aware about who you trust, and with whom you want to share your data, so to speak. So the first step is to be aware and critical and to choose with care who you want to trust. Personally I think that online privacy will be a competition benchmark in the future."

Kind regards, REBOL.

Just saw that PDF as well on another forum and might pretty much go out and marry Emisoft straight away, not only for their great detection rate but exactly for the reason they are mostly green in that PDF. This is well worth my money.

Back to CIS. Where can I find the EULA for CIS please?

The PP does talk about the Comodo site and its services & products but to know if for example Website Filtering sends back a list of URLs visited to Comodo servers one would need to find the EULA for CIS and if not in there email privacy@comodo.com.

Before I go further with this I am awaiting a link to the EULA for CIS and if there is any for using Comodo Firewall and Comodo HIPS in particular.

Further investigating this I might as well send the questions lined out in that PDF directly to the email address provided by Comodo though I am more interested to read the EULA first.

Thank you for your informative and helpful participation.

Yes, Emsisoft seem to be very openly speaking about that.

Please remember, though, since they’re one of those few “not US based” companies, they might be facing way less “pressure” from “holy government above”, at least at the moment.
Btw., I’ve been already asking those questions here at the forum in May, yet my posting has never been given an answer.

https://forums.comodo.com/general-security-questions-and-comments/comparative-av-test-data-transmission-of-security-produkts-2014-t104271.0.html;msg758799#msg758799

Your questionings and your doubtfulness are good and necessary things in my opinion, whilst I would never directly blame a company for FEELING they HAVE TO FOLLOW their home (even if totally doubtful / questionable) legislation - yet, I’d await from every (wo)man owning a company based in a so called “democratic” state to use his / her holy right to speak the truth out loud, even if under pressure / threatening (which by the way should never happen in a truly democratic state) to use any true democracy’s very fundamental right to openly speak out to the people who are expected to “trust” in return.

Thanks, REBOL.

As we all should have learned by now - if not by Bill Binney, formerly the NSA’s technical leader - that the NSA (just for an example, there are quite some OTHERS one could easily compare without hesitating) is acting in a “totalitarian” attitude totally in disaccordance with some of our most monumental democratic values, including human rights, I sincerely DO CONCLUDE and will dare to state here that NO single human being that regards itself as one believing in the most fundamental democratic values is in any way - at least not morally, that’s for sure - obliged to follow any “gag orders” or the likes. He / she is not.
If any so called “democratic government” is trying to make you believe otherwise, there’s got to be something severely wrong with that gov.
I think I do know what I’m talking about, we had, amongst others, Gestapo and Stasi in our national past.

So I might be allowed to ask the following question now:

Are US based software companies allowed / willing to tell the whole truth about their “honest commitment towards” and / or “government-jurisdiction-induced” breach of privacy at this very moment?

Yes, we can...

Who said that, again, please? Can’t remember. Either way, I doubt the honesty of some people way up there, and therefore: no trust by MorphOS REBOL.

Only reason I’m still here is very possibly the “human factor”. Nothing else.
I’d really miss some of you, including the CEO. :-[
And I don’t intend to ever give up personal friendships because of certain unjust legislations in countries I am not a citizen of. I won’t.
I always felt great sympathy and deepest respect (I’d even call it “love” somehow, yes indeed :-[ ) towards Comodo as a company, towards the team, towards many of the forum users here.
And I still do, somehow, as you may or may not believe after all those years.
I’m really scared of our’s and our children’s future regarding the momentary status of a certain thing called “our world”.

Yet, I sincerely do fear, that the majority of people will learn it’s lesson the hard way, i. e. getting a clue of what’s going on only when it’s much too late.
I’ve got some kind of bad taste on my tongue. Words like “deterioriation” of basic values and “pejoration” of political reason just spring to my mind atm.

Don’t ever follow leaders if you believe in demo-cracy, an old greek word which by pure definition means: power to the people (not the politicians). Thank you.

Kind regards, REBOL.

Given your post has not received a reply and the EULAs listed here Legal Repository Agreements for Comodo Cybersecurity Solutions in the tab “Comodo Security Solutions, Inc.” do not say anything about version 7 it looks like I have to take this a step further and contact Comodo directly either on their email as a private user or through an organization or a lawyer.

I think it is imperative to know what the product does that I and many other people use. Not being able to find the EULA for the latest version alerts me. Though I think it is presented upon installing CIS if I am right? Not sure though.

Concerning the political implications of this (thank you for your longer posts and rants), yes it is indeed sad to see governments and humans are not evolving at the speed that technology does evolve. One would think with so much tech at our hands we would use it better but instead this is purely used to worsen the situation of the weaker. Forcing IT companies to comply with such behavior in search of even more profit and control tops all this.

Being from Bavaria and speaking German is nothing to be ashamed of, in contrary, you can be proud, the world’s best ■■■■ is from there and Germany’s best schools and toughest exams are held in Bavaria. Keep you head up and your nose in the wind, don’t give up and most of all NEVER give up hope or belief in your fellow human beings. Don’t let a few ruin the party for the rest of us, there is always a few black sheep and making an effort and having solid morals and principles will reap positive results in the end.

How else would we have made it so far if not with this positive attitude. Don’t mind the party poopers and they get to you go dance at another party. Sooner or later they will see that also the general population will voice so much concern that change in the highest ranks will happen. Just look at the revelations that this brave man Snowden dug up. I am sure there is loads more people like this and there is a lot of positive things happening.

Dark Mail, BitMessage, MailPile, non logging European VPNs with 100% transparency, always increasing bandwidth and a broadening of the network infrastructure, EmiSoft not to forget and I am sure there is also a 100% non logging Firewall vendor out there and if there is not just buy a 2nd hand laptop and slap Pfsense on it and use that as router for your real box, I am 1000% sure Pfsense et al do not send data back to… well yes to whom actually, the open soruce community that developed this software.

You see there IS a lot a good things happening and if people in IT make a change the rest will follow since IT has become THE most important part in every smaller and bigger business not to speak about in billions of every day users lifes, so if IT jumps on the train, and this train is already traveling at high speeds (Google implementing Perfect Forward Secrecy and asking other big players to join, Wired speaking about seeing the whole of the network traffic being encrypted by a NON NIST certified encryption, and so on and so on).

On a general notice I am thinking of going Linux/FOSS.

In the end my data is MY data and no one’s else. Given I don’t need M$ for the work I do I might as well tackle this once and for all and while doing so with a very high probability sleep much better and deeper at night. We will see.

Really enjoyed reading your words, (Techno)SoulBrother

Kind regards, REBOL.

Well, if you do find errors and lack of information you should contact them trough that email. It’s a pretty big deal as laws are not so friendly.

Hi TechnoSoul,

[b]Updates. [/b] Comodo is not obligated to provide updates to the Products. If an update is provided and the update is not accompanied by an additional agreement, this agreement applies to your use and installation of the update. Some Products update automatically without notice.

Kind regards.

So this means that the EULA that is available is also current for the latest version I assume?

Or does this mean Comodo is not obliged or exempts itself from presenting a current EULA for their latest release of CIS?

Still I will try and get Av comp on this case and see if they can include CIS in their next evaluation. Now I am really interested to find out.

It means that if Comodo do not publish an EULA for CIS 7, then the previously published EULA (in this case CIS6) is taken as being applicable to the currently released version (CIS 7).

AFAIK, no software company is legally obligated to publish an EULA. They are mainly used to define 1) the limits of the authors responsibilities and accountabilities and 2) the terms, duration and limitations within which the end user can install and use the product.

Cheers,
Ewen

P.S. I’m no lawyer and do not work for Comodo, so anything I say here is purely my personal interpretation.

Still, I’m waiting for possible (or not possible? I’m just asking 88) ) answers on this:

https://forums.comodo.com/general-security-questions-and-comments/comparative-av-test-data-transmission-of-security-produkts-2014-t104271.0.html;msg758799#msg758799

At least I took the time to re-write those questions and not post the original pdf since that wouldn’t have been appreciated. I know.

So (well, yes, I’m asking this again now), is there any possibility existing that Comodo “may” please give any answers on those questions?

At least I hope for that, I mean… And if not, please tell us why not.

Kind regards, REBOL. Still in love with Comodo, but heavily in doubt regarding certain “more recent acts” (20 years or so…) of US “legislative corrections”, or, let’s rather call it “lawful interception” (I’d rather call it doubtful “interceptions” of common US “law”, if you please…)

Thank you.

Just had a client today that needed a new system set up from scratch and naturally I banged on Comodo CIS for protection. Not doubting the power of the FW and generally happy with the product.

Would just be MUCH more happy to know what is going on in the background. Of course this can be done with WireShark or with Virtualization however such tests are tedious and take time that I don’t have.

Though passing on this request to have AV comp org look into this would surly be an option. If we get enough people to or form a little group of people that sign an online petition or send the same email to AV comp org with a link to this thread they might thoroughly test CIS and possibly include it in the next round of results.

I have not had the time to write to privacy@comodo.com just now but should be able to tackle this in the coming week.

If this reaps not outcome I will try a get a little group of people interested in an official result from Comodo about this together and try to get AV comp org on the case.

@panic, yes is what I thought, so the old EULA is for CIS 7 as well. During install there is no EULA showing up. Not trying to put down Comodo or push it in a corner, just trying to find out what really is happening and to be honest a company of this size and reputation should really not let users in the dark about what is being collected and what not, especially not in the wake of recent events. Web 3.0 is knocking on the door, people are MUCH more aware of what is going on and even every day users are more more security and most of all privacy driven than couple years ago. I think this is definitely a positive change in the right direction. Either that or we are all just guinea pigs and every company from tiny to huge uses our date to make more and more $$. It is our choice in the end.

On a side note I am heavily flirting with these at the moment. Really worth your time if you care just a tiny bit about your security and privacy.

Thank you, friend, as always, for your intelligent, kind words. :-TU

“You took the words right out of my mouth”, so to speak. I won’t link that awful (just personal taste) song, though.

Kind regards, REBOL.

@Rebol just setting up Linux Mint for the first time and it looks and tastes so ■■■■ nice, a TRUE alternative, PLEASE do yourself a favor and check it out if you have not already Rebol, totally worth your time.

Topics like this one and having to WAIT for a corp (whose main business is protecting the user, user security and user privacy) to get in touch about a genuine user question that is totally justifiable in this day and age can then be forgotten once and for all! A system from the user for the user with the user in mind and with the ability to chat and talk to directly of the authors of the system being able to influence it and adjust it to user’s needs.

When I work on that new system now I have a total different psychological approach, it is like sitting at a desk in the middle of a nice fresh green garden with a clean river near by and birds happily chanting away, sun is shining and the air is clean, I know I am NOT being watched and I know I am FREE to do what I want to do without any one trying to turn me into a data barfing guinea pig and making immense amount of $$ with my data.

What I do on my machine, what I do on the net, what sites I surf, what software I download, what interests I have, what books I buy, what music I listen to, what photos I look at, what games I play, all this info is MY DATA and purely mine and no ones else. Think about it, please do.

I am amazed and my newly found true freedom not having to sieve through hundreds if not thousands of processes and thinking if I block this will another one still send data and if I block them all can I still access the net and what does this hidden process do and what if I have forgotten to set this or that is HIPS and so on and so on and so on in all eternity. NO I AM NOT A SLAVE ANY MORE. I AM FREE AT LAST.

Taking a deep breath and trying to apprehend the loss of weight that was on my mind all these years using Windows and software for Windows. They are all in bed with big data and big data is being ■■■■■ by the American government, most of all the NSA not to talk about all the other governments that try to get a piece of the cake as well.

This is like when the German boys one the world cup just recently, you really just have to sit down and think, wow did we really come this far and have we really managed to achieve this? Why or why was I NOT listening to my IT friends years ago that always had this sort of grin on their face when they saw I am still using Windows asking me “don’t you want to give it a try and see how it is being free from all this ■■■■?” Oh why did I not listen earlier!! Silly me!!!

My eyes have been opened, my digital soul is free at last, the beginning or a completely new time for me when sitting in front of the box. Hura!!!

So, just to clarify that. You want an OS and Software that doesn’t send any of your private data and problably installed, at least recommend using Linux Mint (no Info about DE so i guess even Ubuntu)? Well i believe as long you don’t use any packages you might be safe, else you might wanna check this thread. As remark on LMDE check this. Did you check All Projects - PRISM Break? Btw. don’t trust that site alone, it’s just an easy, yet good overview on trustable software.

About that “easy install and go resp. relax” - what about your phone? You don’t have to:

• Check how to unlock/root your phone
• Install your trusted rom of choice and keep it updated
• Remove proprietary parts
• Using XPrivacy to protect against apps spying if you rly need them
• Using a way to keep your apps updated and your privacy (is F-Droid rly enough? If using no gapps/microg doesn’t at least google still get what you’ve installed?
• You still have to check on malware, if you don’t keep your OS updated you are even more as risk due to silent sms f.e.
  etc. etc. etc.

Users who can read german or have a trustable translation method can take look into Your Phone Your Data – Android ohne Google?! Teil1 ⋆ Kuketz IT-Security Blog (+ff) f.e.

It can never be a universally satisfying answer to just change one’s OS.

Something else has to change, it’s high time, and, well… most of us know it.

Thanks for not “listening” ironic to what your people don’t want or are really in need of, dear governments of our world.

Of course you’ll be listening close enough right now.

Cheers, REBOL.

Yes I did mean Linux Mint when posting about Linux Mint above. Is that NOT secure you tell me? What do you mean with “no info about DE and Ubuntu”?

Mint comes from Ubunutu I think I learned recently and is different since it includes proprietary software but also get updated much faster and listen to user input much more. At least I think this was mentioned on DistroWatch.

Can you go into a little bit more detail here? I am so new to all this so happy to gulp down any handy info not too technical I can get my hands on. Thanks for any clarification with this.

Yes, frequent that site and see there are some apps in the trusted column that should really not be there but it is a start at least.

S4 rooted but thinking about going with Cyanogen soon. As you mention too many darn apps that I never wanted and never use. Thought the default OS clean but hey I forgot this is Google we are dealing with. A clean Android OS would be excellent, hell I would even pay hard cash for something like that.

Great list of things to do. ONLY just recently got a S4 and had an old (analog) Nokia (just phone and sms) for the past decades. So yeah still have to get up to date with the latest OS for this S4.

What is silent sms f.e.?

What is (+ff) ??
What is f.e. ??
Will try and check that out. EFF is AWESOME, use their HHTPs everywhere since day one. Also The Ultimate Privacy Guide by bestvpn.com ain’t bad.

Gosh, there is so much **** going on these days it seems really hard to be able to sit down relaxed at a computer and do your work. Btw all questions are meant serious, I am just so new to Linux and all that, if you find time to clear up the one or other please do, even in this thread.

Best Regards