Message-ID: <20031205094847.18688.qmail@sf-www2-symnsj.securityfocus.com>
Date: 5 Dec 2003 09:48:47 -0000
From: Alexander Falk <al@...ova.com>
To: bugtraq@...urityfocus.com
Subject: Re: Altova XMLSpy "phones home" user data


In-Reply-To: <86ekvlkvmn.fsf@...e.nest.cx>

>>>>>> "Bruno" == Bruno Lustosa <bruno@...tosa.net> writes:
>
>    Bruno> ... whenever someone will launch XMLSpy, the
>    Bruno> program will try to connect to Altova's servers, send some
>    Bruno> user info through a POST to a web server, and wait for a
>    Bruno> response. 

That is correct, this is a process described in our EULA in Section 1(k) Software Activation and Section 1(l) LiveUpdate. Please see our EULA for details, which is available on our website under this URL: http://www.altova.com/order_license4.html

>    Bruno> What bothers me is that
>    Bruno> it's sending user information that was _not_ entered into the
>    Bruno> program. It sends user name used to register the program, and
>    Bruno> it also sends an email address that I'm almost sure was not
>    Bruno> entered into the program.  

This is incorrect insofar as the information transmitted is data that has been entered by the user into the Registration dialog (Help menu / Registration). This does include the e-mail address, provided that the user has entered this into the Registration dialog when requesting an evaluation key-code from our license server.

Regarding the collection of e-mail addresses from users of our software, who are requesting an evaluation key-code, please see our strict privacy policy, which is available at this URL: http://www.altova.com/privacy.html

Altova takes privacy and security very seriously, and we believe we have properly disclosed any legitimate anti-piracy measures in our product in the EULA.

Sincerely,

Alexander Falk
President & CEO
Altova, Inc.


