9u8y7t6rdxf

Posts posted by 9u8y7t6rdxf


  1. This has never been done... the connection that is made is made to web space that is under our control and all that happens is that an xml file, for the update check, is downloaded and parsed by the application... the file itself is never even saved on your hard drive. If you or someone else has been using a version that connects to some for-profit third party, then I suggest that you check where you get your executables from. Also I would be more than a bit interested in what this for-profit corporation is?

    The connection is made to a Sourceforge server (from the strings in v1.3.2 it looks like apexdc.sourceforge.net, and update.apexdc.net from the v1.3.3 source), which, whilst it may be accessible by you guys, is ultimately controlled by Sourceforge. SF will have access to your logs (or would be able to create their own on their load-balancing proxies), so would be able to infer information about Apex usage and users if they wanted to. Sourceforge is owned by Geeknet Inc., a publicly traded corporation. I get my Apex exes from the same place as everyone else: Sourceforge's servers.

    My gripe is that the application phones home when started, and this behaviour cannot be turned off (by the average user). I know the justification for why the application downloads an XML file at each start-up, but it is still a privacy violation. If your bank decided that postcards would be cheaper to deliver your bank statements than envelopes (and pass on the savings to you in the form of better interest rates), then I'm sure you wouldn't be happy with the potential privacy violation. Your postman probably doesn't give a shït about your bank account, and SF probably don't give a shït about Apex users, but it is the principle of it. It is no one's business but the user's how often and when Apex is run.

    It also looks like Apex supports the ability to download something, and execute it, possibly all based on the content of the XML file. If your server gets owned, it could mean Apex users subsequently get owned. This mechanism needs to be turn-off-able at the very least!

    Whilst grep'ing the source, I also noticed that Apex's web interface uses style sheets served from www.apexdc.net, meaning the referer sent to you will contain the user's possibly private server address. I feel any supporting files for the web interface should be served totally from the user's computer. The user would be able to easily modify the web interface if they wanted, too.
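The Referer leak described in the post above, as an added example that is not ApexDC++ code: a scan that lists the assets in web-interface markup which a host other than the interface itself would serve (and therefore receive the interface's address in the Referer header for), plus a rewrite that points them at same-origin paths. The interface address 192.168.1.10:8080 and the markup are constructed for the example; the asset host follows the domain named in the post.

```python
# Added example, not ApexDC++ code: flag web-interface assets fetched from another
# host (each such fetch sends the interface's private address as the Referer).
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes a browser fetches automatically, sending a Referer with each request.
FETCHED_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src"}

class _AssetCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.assets = []  # (tag, reference) pairs for auto-fetched resources

    def handle_starttag(self, tag, attrs):
        attr = FETCHED_ATTRS.get(tag)
        ref = dict(attrs).get(attr) if attr else None
        if ref:
            self.assets.append((tag, ref))

def _foreign_target(ref, interface_url):
    """Absolute URL of ref if it resolves to a host other than the interface's, else None."""
    absolute = urljoin(interface_url, ref)
    target = urlsplit(absolute)
    own_host = urlsplit(interface_url).netloc.lower()
    if target.scheme in ("http", "https") and target.netloc.lower() != own_host:
        return absolute
    return None

def referer_leaks(page_html, interface_url):
    """Return (tag, absolute_url) for every asset a third-party host would serve."""
    collector = _AssetCollector()
    collector.feed(page_html)
    return [(tag, url) for tag, ref in collector.assets
            if (url := _foreign_target(ref, interface_url)) is not None]

def localized(page_html, interface_url):
    """Mitigation: point each foreign asset at /static/<basename>, shipped with the client."""
    collector = _AssetCollector()
    collector.feed(page_html)
    out = page_html
    for _tag, ref in collector.assets:
        if _foreign_target(ref, interface_url) is not None:
            name = urlsplit(ref).path.rsplit("/", 1)[-1] or "asset"
            out = out.replace(ref, "/static/" + name)
    return out

# Constructed sample: a private interface address and markup modelled on the post.
INTERFACE_URL = "http://192.168.1.10:8080/"
SAMPLE_HTML = ('<html><head><link rel="stylesheet" href="http://www.apexdc.net/css/webui.css">'
               '<link rel="stylesheet" href="/local.css">'
               '<script src="http://www.apexdc.net/js/ui.js"></script></head>'
               '<body><img src="/logo.png"></body></html>')
```

Protocol-relative references such as `//www.apexdc.net/a.css` are resolved against the interface URL before the host comparison, so they are reported as well.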


  2. We have also tweaked the behaviour of the update check to allow people more freedom to upgrade. If you select "Later" in the update check it will not remind for another three days.

    Is a third party, who happens to be a for-profit corporation that (nearly) no Apex users have any contract with, still contacted each time the user starts Apex with this change?