
There is a win10 store version which is actually a spyware #1319

Open
wicast opened this issue Nov 26, 2020 · 19 comments

@wicast

wicast commented Nov 26, 2020

https://www.microsoft.com/en-us/p/golden-dict/9nrzg2jhz9nt
This version frequently sends POST requests to https://goldendict-estatistica.com/update.
I've captured a request, and the request data is definitely the user's private data.
The request looks like this:

```json
{
    "loader_hashes": "",
    "user_info": {
        "domain": "",
        "macs": [
            "00ffffffffff",
            "00ffffffffff",
            "00ffffffffff",
            "00ffffffffff",
            "00ffffffffff",
            "00ffffffffff"
        ],
        "microsoft_account": [
            "foo@msn.cn",
            "bar@hotmail.com"
        ],
        "username": "bar"
    }
}
```

I'm pretty sure the macs field is the MAC address, because I have exactly the same number of network interfaces.

So just make sure there is no official release of a Win10 Store version; I'm going to report this to the Microsoft Store.
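
A defender's check for this kind of traffic, added here as an example and not part of the original post: it walks a captured JSON request body and reports which fields carry MAC addresses, e-mail addresses or identity fields. The function names and the sample body are constructed for illustration; the key names are the ones visible in the request above.

```python
import json
import re

# Value shapes and key names matching the identifiers in the captured request.
MAC_RE = re.compile(r"^(?:[0-9a-f]{12}|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
IDENTITY_KEYS = {"username", "domain", "microsoft_account"}


def classify(key, value):
    """Return a label if one non-empty string value looks like an identifier."""
    if not isinstance(value, str) or not value:
        return None
    if MAC_RE.match(value):
        return "mac_address"
    if EMAIL_RE.match(value):
        return "email"
    return "identity_field" if key in IDENTITY_KEYS else None


def find_identifiers(node, path="$", key=None):
    """Walk decoded JSON and yield (json_path, label) for each identifier."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from find_identifiers(v, f"{path}.{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_identifiers(v, f"{path}[{i}]", key)
    else:
        label = classify(key, node)
        if label:
            yield path, label


def audit_body(raw):
    """Count the identifier types found in one captured request body."""
    counts = {}
    for _, label in find_identifiers(json.loads(raw)):
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample shaped like the request in the post (all values are fake).
SAMPLE = json.dumps({"loader_hashes": "", "user_info": {
    "domain": "", "macs": ["00ffffffffff", "00ffffffffff"],
    "microsoft_account": ["foo@msn.cn", "bar@hotmail.com"], "username": "bar"}})

if __name__ == "__main__":
    print(audit_body(SAMPLE))
```

Empty fields such as `domain` above are skipped, so the counts reflect only data that actually left the machine.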

@hansmbakker

@Abs62 @vedgy
Instead of only taking down the spyware, can't you claim the store entry and replace the bad entry with a clean version of goldendict in the microsoft store?

@vedgy
Member

vedgy commented Dec 30, 2020

I can't do that because I don't use Windows and don't compile GoldenDict on this platform.

@hansmbakker

Ok, I understand. Do you think anybody else from the goldendict maintainers could do it?

The reason I'm asking about the maintainers is that Microsoft likely needs some proof that the takeover claim comes from the original developers (otherwise anybody could take over other apps).

@vedgy
Member

vedgy commented Dec 30, 2020

> Do you think anybody else from the goldendict maintainers could do it?

Since none of the GoldenDict maintainers has replied in this issue or (it would seem) taken any action yet, the chances of that happening any time soon are slim.

@vedgy
Member

vedgy commented May 26, 2021

> So just make sure there is no official release of a Win10 Store version; I'm going to report this to the Microsoft Store.

@wicast, have you reported the spyware to Microsoft? Any reply?

@wicast
Author

wicast commented May 26, 2021

@vedgy reported but no reply at all :(

@vedgy
Member

vedgy commented May 26, 2021

Maybe they wait until multiple users report an app before spending time on investigation. Or Microsoft simply doesn't care if someone other than itself spies on its "users".

@loyukfai

loyukfai commented Dec 2, 2021

Seems this is a dilemma... Main dev is nowhere to be found (perhaps affected by COVID?), and the only people still developing and providing new binaries are GPL violators.

So people are somewhat forced to use builds with dubious quality.

@nonwill

nonwill commented Dec 2, 2021

> Main dev is nowhere to be found
>
> So people are somewhat forced to use builds with dubious quality.

Probably the main dev is busy opening companies to earn money; but if companies like Eudic can sell a high-quality commercial version of GoldenDict, the price of RMB ¥128 would not give people the feeling of being very expensive, and no one would care about the violation of the license.

The future of GoldenDict should not be up to the main developers, but to bringing in new and active developers - but it seems like a confusing and difficult thing.

There is never a shortage of flooding in the community. Excluding those who are flowing with saliva & harrumphs, users should have the self-awareness of voting with their feet or with their hands.

@loyukfai

loyukfai commented Dec 2, 2021

> > Main dev is nowhere to be found
>
> > So people are somewhat forced to use builds with dubious quality.
>
> Probably the main dev is busy opening companies to earn money; but if companies like Eudic can sell a high-quality commercial version of GoldenDict, the price of RMB ¥128 would not give people the feeling of being very expensive, and no one would care about the violation of the license.
>
> The future of GoldenDict should not be up to the main developers, but to bringing in new and active developers - but it seems like a confusing and difficult thing.
>
> There is never a shortage of flooding in the community. Excluding those who are flowing with saliva & harrumphs, users should have the self-awareness of voting with their feet or with their hands.

The original developer selected GPL as the license, and so anyone who builds on top of his code should respect it.

If you were the original developer and someone stole your code and made money off it, what would you have done?

@nonwill

nonwill commented Dec 2, 2021

> If you were the original developer and someone stole your code and made money off it, what would you have done?

The thief who steals the sweat of others to make money will always be a thief. So closing the source or giving up maintenance is just fine for me.
The tree that is rotting from the roots is very difficult to save. But was the original developer thinking the same way? Maybe you can ping them for an answer.

@ghost

ghost commented Dec 2, 2021

> There is never a shortage of flooding in the community. Excluding those who are flowing with saliva & harrumphs, users should have the self-awareness of voting with their feet or with their hands.

@nonwill Your behaviour is wrong for several reasons and you are losing trust:

  1. nonwill is stealing code from others to make money
  2. nonwill violates the principles of Free and Open Source Software (GPLv3)
  3. nonwill GD++ phones home to spy on users
  4. nonwill GD++ modifies/deletes user files without consent (malware behaviour)
  5. nonwill promotes Communist Propaganda on its spyware (e.g. Celebrating the 100th Anniversary of the Chinese Communist Party)

nonwill behaviour is shameful ! users BEWARE !

Xí Dàdà should punish nonwill... 🗡️

@nonwill

nonwill commented Dec 2, 2021

@loyukfai

loyukfai commented Dec 2, 2021

@FyTpodQUuWvQNTh

Am disturbed by this open and blatant disregard of license and copyright on GitHub as well.

But let's stay civil and avoid... off-topic stuff.

Let's see if there are any ways to contact the original developer and/or GitHub staff.

@nonwill

nonwill commented Dec 2, 2021

> But let's stay civil and avoid...

It should be @FyTpodQUuWvQNTh(marreromarco)s mother's umbilical cord was not cut short when it was born. Just to help you get to know this premature and difficult baby:
[images: 20211202163434, 20211202163452, 20211202163508, 20211202163528, 20211202163548]

@ghost

ghost commented Dec 2, 2021

@nonwill many users are uninstalling your spyware ! You were exposed and everyone on FreeMDict and PDAWiki is doubtful about your fork with malware features.

As nonwill said "The thief who steal sweat of others to make money will always be thief"....

You are stealing code from many developers and your words are true....

@loyukfai

loyukfai commented Dec 2, 2021

OK, so you two have beef. I get that.

But that is not a valid justification for violating the license.

Perhaps the original developer is gone, that doesn't automatically give anyone rights to disregard his last explicitly expressed will.

Anyhow, this is a difficult situation. I'll try to raise it up and see if anyone can reach the original developer or know his/her status.

@ghost

ghost commented Dec 2, 2021

@dragonroot As you are the original developer of GoldenDict, could you please help us claim the GoldenDict app on Microsoft Store ?

The original developer is a Linux user (Konstantin Isakov). However, spyware on the Microsoft Store should not be accepted because it damages the reputation of this wonderful FOSS Project.

@nonwill

nonwill commented Dec 2, 2021

> FreeMDict and PDAWiki

Thank you for the reminder again. Just have one more beef:

[image: 2021-12-03-01-07-17-133_com hicorenational antifraud]
