You're actually mistaken - let me explain
on
Mattel Spyware
·
· Score: 2
The invasion of privacy is the identifiable (by IP) information passed with the fact that the program was launched. That's no more acceptable than a TV (or toaster, or microwave, or vibrator (!)) that reports when the owner turns it on without his or her consent.
No, no. The application does not contact the server ever. Not when it launches or at any other time. There is a background process that talks to the server once a day (maybe every two days). The application just uses the JPEGs that were previously retrieved.
This may be annoying, it may be misguided, it may have been a stupid decision, it may be many things. But it is not an invasion of privacy.
Sorry about the copy protection - I was in the Systems Group, I didn't do apps. Sounds pretty stupid, though.
Re:I wrote that code - I'll tell you what it does
on
Mattel Spyware
·
· Score: 3
Where does Broderbund get off using a product someone paid for to pitch more products?
You mean like a newspaper or cable TV?
Seriously, how exactly is showing a 320x200 JPEG (for 15 seconds) that advertises a product you just might want to buy an invasion of your privacy? Admittedly, it's a little tacky, but so are many things in life. You don't have to look at it - you can check the "don't show this again" box that shows on each splash screen, you can choose not to install it in the first place, or you can make it go away by clicking on it (at least you used to, unless someone has changed it since I left).
And to head off another concern - it doesn't make the app take any longer to load, it just replaces the default splash screen that shows while the memory hog of an app starts up.
And where was the programmer with the developed sense of ethics to bring this to the attention of his employer? Right here, actually. I brought up the ethical issues numerous times, to the point of being a pain in the ass about it. The upshot? It was going to happen anyway, and what it does is really not that bad. If not for people like me complaining, you wouldn't even be able to turn it off.
I wrote that code - I'll tell you what it does
on
Mattel Spyware
·
· Score: 5
I always wondered when someone was going to find this. To address everybody's biggest concerns:
It is NOT spyware. It does NOT look for or send any personal, private, ot public information about you or your system. It does NOT use encryption - it uses PGP digital signatures. It was NOT designed for kids' products - it was designed for all products.
I worked for Broderbund from 1995 until about a year ago. Maybe 3 years ago, my then-manager came to me with an idea he had dreamed up for giving applications new and different splash screens every time they started up. This would give us the ability to pitch related products (if you had Print Shop, we could try to sell you Presswriter, or special clip art at Christmas) and tell you about upgrades. There was also talk about, eventually, having some form of 2-way communication with users. Thus was born Dynamic Splash Screens, or DSS. I had a number of big problems with the idea, mainly with the idea of advertising and with the obvious invasion-of-privacy issues. I pointed out (rather stridently) that we could have serious legal and P.R. problems with this, not to mention the heinous ethical problems, and that we were in danger of ruining our (at the time very good) reputation. Wisely, all ideas for this were dropped except for the splash screens. Pretty benign. Here's the communication protocol: Periodically (by default, once a day), the background app wakes up, pulls a list of IDs of installed DSS-enabled apps out of the registry, and sends then to the Brodcast site via HTTP POST. It receives an XML page, PGP-signed, that either says "Nothing new, go back to sleep" (99% of the time) or describes a new splash screen (name, dates to display, time to show, location of JPEG file). It then retrieves the pieces (generaly 2k chunks) of the JPEG, verifies their PGP signature, and reassembles them. When a DSS-enabled app starts, it looks in the registry to see if it has a new splash screen to show. If so, it displays the JPEG (along with a "never show this again" checkbox) for 10 seconds or so, instead of the app's normal splash screen. The PGP signing is to make sure nobody can hijack the URL and send bogus images. There is no encryption. Try this: take the XML page, remove the signature (between SIG and/SIG) , run the rest of the page through PGP with the key that a previous poster pulled out of dssagent.exe, and they *should* match. Nothing really secret here. That said, I was never really confortable with the whole idea. In fact, part of the reason I left the company was a plan (later dropped) to add "targetted advertising". While some of the comments posted here are way over the top (it's just plain paranoid to suggest rogue employees sending kiddie porn or stealing financial info), I agree that it was begging for trouble to do something like this. However, there was always (while I was there) a (relatively) clearly-stated installer screen that asked if you wanted this. Always. Regardless of what Simpson Garfinkel remembers. As to why the DSS agent was installed if the user said no, you can blame Install Shield and its charming installation scripts. Anyway, there it is. Annoying, misguided maybe, but not so sinister. Oh, and the Mattel-Broderbund connection? A bottom-feeding sleazeball company called Softkey bought The Learning Company, took them over like a hermit crab, then bought Broderbund (and ran them deeply into the ground), and was, in turn, bought by Mattel (and proceeded to lose $200 million for them in one quarter, putting Mattel CEO Jill Barad's career in the ground).
Slashdot Mirror
No, no. The application does not contact the server ever. Not when it launches or at any other time. There is a background process that talks to the server once a day (maybe every two days). The application just uses the JPEGs that were previously retrieved.
This may be annoying, it may be misguided, it may have been a stupid decision, it may be many things. But it is not an invasion of privacy.
Sorry about the copy protection - I was in the Systems Group, I didn't do apps. Sounds pretty stupid, though.
You mean like a newspaper or cable TV?
Seriously, how exactly is showing a 320x200 JPEG (for 15 seconds) that advertises a product you just might want to buy an invasion of your privacy? Admittedly, it's a little tacky, but so are many things in life. You don't have to look at it - you can check the "don't show this again" box that shows on each splash screen, you can choose not to install it in the first place, or you can make it go away by clicking on it (at least you used to, unless someone has changed it since I left).
And to head off another concern - it doesn't make the app take any longer to load, it just replaces the default splash screen that shows while the memory hog of an app starts up.
And where was the programmer with the developed sense of ethics to bring this to the attention of his employer?
Right here, actually. I brought up the ethical issues numerous times, to the point of being a pain in the ass about it. The upshot? It was going to happen anyway, and what it does is really not that bad. If not for people like me complaining, you wouldn't even be able to turn it off.
It is NOT spyware.
It does NOT look for or send any personal, private, ot public information about you or your system.
It does NOT use encryption - it uses PGP digital signatures.
It was NOT designed for kids' products - it was designed for all products.
I worked for Broderbund from 1995 until about a year ago. Maybe 3 years ago, my then-manager came to me with an idea he had dreamed up for giving applications new and different splash screens every time they started up. This would give us the ability to pitch related products (if you had Print Shop, we could try to sell you Presswriter, or special clip art at Christmas) and tell you about upgrades. There was also talk about, eventually, having some form of 2-way communication with users. Thus was born Dynamic Splash Screens, or DSS. /SIG) , run the rest of the page through PGP with the key that a previous poster pulled out of dssagent.exe, and they *should* match. Nothing really secret here.
I had a number of big problems with the idea, mainly with the idea of advertising and with the obvious invasion-of-privacy issues. I pointed out (rather stridently) that we could have serious legal and P.R. problems with this, not to mention the heinous ethical problems, and that we were in danger of ruining our (at the time very good) reputation. Wisely, all ideas for this were dropped except for the splash screens. Pretty benign.
Here's the communication protocol:
Periodically (by default, once a day), the background app wakes up, pulls a list of IDs of installed DSS-enabled apps out of the registry, and sends then to the Brodcast site via HTTP POST. It receives an XML page, PGP-signed, that either says "Nothing new, go back to sleep" (99% of the time) or describes a new splash screen (name, dates to display, time to show, location of JPEG file). It then retrieves the pieces (generaly 2k chunks) of the JPEG, verifies their PGP signature, and reassembles them.
When a DSS-enabled app starts, it looks in the registry to see if it has a new splash screen to show. If so, it displays the JPEG (along with a "never show this again" checkbox) for 10 seconds or so, instead of the app's normal splash screen.
The PGP signing is to make sure nobody can hijack the URL and send bogus images. There is no encryption. Try this: take the XML page, remove the signature (between SIG and
That said, I was never really confortable with the whole idea. In fact, part of the reason I left the company was a plan (later dropped) to add "targetted advertising". While some of the comments posted here are way over the top (it's just plain paranoid to suggest rogue employees sending kiddie porn or stealing financial info), I agree that it was begging for trouble to do something like this. However, there was always (while I was there) a (relatively) clearly-stated installer screen that asked if you wanted this. Always. Regardless of what Simpson Garfinkel remembers.
As to why the DSS agent was installed if the user said no, you can blame Install Shield and its charming installation scripts.
Anyway, there it is. Annoying, misguided maybe, but not so sinister. Oh, and the Mattel-Broderbund connection? A bottom-feeding sleazeball company called Softkey bought The Learning Company, took them over like a hermit crab, then bought Broderbund (and ran them deeply into the ground), and was, in turn, bought by Mattel (and proceeded to lose $200 million for them in one quarter, putting Mattel CEO Jill Barad's career in the ground).