9u8y7t6rdxf

Member
  • Content count

    2
  • Joined

  • Last visited

  1. Released: ApexDC++ 1.3.3

    The connection is made to a Sourceforge server (from the strings in v1.3.2 it looks like apexdc.sourceforge.net, and update.apexdc.net from the v1.3.3 source), which whilst may be accessible by you guys, is ultimately controlled by Sourceforge. SF will have access to your logs (or would be able to create their own on their load-balancing proxies), so would be able to infer information about Apex usage and users if they wanted to. Sourceforge is owned by Geeknet Inc., a publicly traded corporation. I get my Apex exes from the same place as everyone else: Sourceforge's servers. My gripe is that the application phones home when started, and this behaviour cannot be turned off (by the average user). I know the justification for why the application downloads an XML file at each start-up, but it is still a privacy violation. If your bank decided that postcards would be cheaper to deliver your bank statements than envelopes (and pass on the savings to you in the form of better interest rates), then I'm sure you wouldn't be happy with the potential privacy violation. Your postman probably doesn't give a shït about your bank account, and SF probably don't give a shït about Apex users, but it is the principle of it. It is no ones business, but the user's, how often and when Apex is run. It also looks like Apex supports the ability to download something, and execute it, possibly all based on the content of the XML file. If your server gets owned, it could mean Apex users subsequently get owned. This mechanism needs to be turn-off-able at the very least! Whilst grep'ing the source, I also noticed that Apex's web interface uses style sheets served from www.apexdc.net, meaning the referer sent to you will contain the user's possibly private server address. I feel any supporting files for the web interface should be served totally from the user's computer. The user would be able to easily modify the web interface if they wanted, too.
  2. Released: ApexDC++ 1.3.3

    Is a third party, who happens to be a for-profit corporation that (nearly) no Apex users have any contract with, still contacted each time the user starts Apex with this change?