On Sat, 2010-02-27 at 09:54 -0500, Dave Veilleux wrote: > Here is a snip from devojrx7 on www.fox16.com..
that appears to be FUD which is spread by either a malcontent or an uninformed user (or both?). The softphone they use embeds internet explorer to render the banner ads it displays and such. Since IE is used by many users for other things there is on occasion some data within the IE memory space such as browser history. This data is not actually sent by anything I have seen to magicjack. With that said, I do believe that magicjack does monitor what you call so they can display ads relevant to that. For example if you call a pizza delivery number expect to start seeing pizza adverts in their client. This is totally different from "stealing your private data" since you implicitly are requesting that the telephone number you call be sent to the provider you are sending the call through. A good understanding of what it is they actually sell shows they are profitable without having to resort to stealing data, and wouldnt the theft of data be a crime or at least appear in the TOS? With the sue happy nature of people if their claim of signing up 250,000 people per week to the service is even remotely true surely someone somewhere would have noticed this and filed a class action lawsuit, the most preferred by lawyers since they tend to make out really well. For reference, google voice is free, ebay is $3/month (or are they $5 now?) the $1.70 (with a 12 month prepayment) a month magic jack charges does not seem too off the wall. They do have money since they bought tigerjet (makers of the chip in their dongle) and softjoys (maker of sjphone, their softphone) and are owned by the same shell company that owns ymax (a clec). This money would not put them out of the league of ebay (which at one time was free to call) or google in this sphere of technology. When I used IDA pro to figure out the nonce details I did not see any theft of data, I did not see anything that was sent that was not required to be sent to authorize the account, place the call or request only a banner image from them. fiddler2 makes it easy to see what is sent (the "dbkey" http variable contains a username, password and other stuff in a hash, its format is not terribly difficult to figure out). -- Trixter http://www.0xdecafbad.com Bret McDanel pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
