Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Magical Jelly Bean Keyfinder — Possible adware? #588

Closed
wjk opened this issue Feb 15, 2017 · 2 comments
Closed

Magical Jelly Bean Keyfinder — Possible adware? #588

wjk opened this issue Feb 15, 2017 · 2 comments

Comments

@wjk
Copy link

wjk commented Feb 15, 2017

I was wandering around the community feed and found this gem in the license for the keyfinder package (line-wrapped for readability):

3RD-PARTY SOFTWARE
OPENCANDY END USER LICENSE AGREEMENT
January 26, 2010
 
This installer uses the OpenCandy network to recommend other software you may find
valuable during the installation of this software. OpenCandy collects *NON-personally
identifiable* information about this installation and the recommendation process. Collection
of this information ONLY occurs during this installation and the recommendation process; in
accordance with OpenCandy's Privacy Policy, available at www.opencandy.com/privacy-policy

OpenCandy is considered adware according to Wikipedia; in addition, I didn't even have to look it up to know what it was. Since this package has been marked as trusted, I assume that this adware is not installed by default. However, I cannot see any code in the installation script that explicitly bypasses the adware. What might well have occurred is that this adware is no longer included with the software, considering the date in the snippet above; it may be worth mentioning this fact in the package description. (Of course, if it transpires that the adware is not bypassed, this package should be removed from public view immediately.) Thanks!
@AdmiringWorm
Copy link
Member

Sorry, I must have missed this somehow.
I believe the opencandy adware module is no longer a part of keyfinder (based on that additonal programs installed, no additional dlls and no background web request detected through fiddler).

However, since it is part of the official license provided by the developers, we cannot remove that text from the included license.
Also to note.
Adware is not the same as malware (which is disallowed on chocolatey.org of course), as such it wouldn't really make sense to remove it from public view even if the module was still included.
Is adware undesired by many users? Of course, it most likely is.
Is it grounds to remove software containing adware? No, not unless it also contains malware or viruses.

@wjk
Copy link
Author

wjk commented Feb 16, 2017

@AdmiringWorm Thank you for your response; that is what I thought. Re the adware-vs-malware issue you mentioned: This is definitely something where there is difference of opinion between various users. My belief is that Chocolatey should have a zero-tolerance policy towards bundled adware that has not been bypassed, but I do not run Chocolatey, now do I? 😄 Thank you for your response regardless.

@wjk wjk closed this as completed Feb 16, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AdmiringWorm @wjk