[Declude.JunkMail] Phoning home redux

[Matt]

FYI, I'm not reposting these messages (below) for purposes of vindication, but instead because I was gravely worried about the potential of issues with the licensing mechanism and I felt that it was no less prudent to point these out before these issues occurred than I am now that they have.  Both Declude and their customer base is well served by people talking about things that concern them, and having these things not only listened to, but also understood. Re: [Declude.JunkMail] Declude Phone's Home http://www.mail-archive.com/declude.junkmail@declude.com/msg21231.html Mon, 04 Oct 2004 13:57:53 -0700 ... IMO, phoning home should always be optional and prompted. While Declude doesn't do anything insidious as far as I can tell in this case, I was previously upset about how the data from forging virus detection was collected and reused without asking for permission. There needs to be a limit to what is shared from our systems for obvious reasons, but there presently doesn't seem to be any clear boundaries. Burying disclaimers about what might be collected and reused deep in manuals is much the same as spammers harvesting from contests with their small print and open-ended disclaimers. It would be good to know exactly what is collected from our systems and how exactly it is used, and not make the disclaimer open-ended. Re: [Declude.Virus] Upgrade issues http://www.mail-archive.com/declude.virus@declude.com/msg11492.html Tue, 21 Dec 2004 18:38:56 -0800 ... My concerns are different yet also similar in some ways when it comes to this license verification process.  I want to know what data is being gathered by Declude and how it is being used, and I want to be notified before changes and given an option to not participate.  I also want to know about the pitfalls of the licensing mechanism so that I know the caveats before I am faced with the need to perform an emergency cold-switch. I understand that Declude has a well warranted concern about unlicensed usage of their software and improvements have to be made, however my hands can't be tied nor my or my customer's privacy violated in order to achieve this goal.  Hopefully that will not be the case here. There have been repeated assurances in the past and even currently that all the bases were covered, but they aren't.  I think that we deserve to know now what changes are going to be made that guarantee that these bases are covered in the future.  For instance, Declude needs to be able to function 100% independently of any dependence on a third-party to enable it.  This means that even if there is a 30 day grace period, following that period the software must function without needing to phone home successfully because no authentication system is guaranteed to survive years that may pass, a takeover, or a failure of the company operating it.  This also needs to be more readily accessible than a backdoor to unlock the software since that information may not survive these circumstances.  This can be done in a way that doesn't cause a breakdown in licensing enforcement. It's not time to complain, it's time to fix the issues and give us the confidence that things have been thoroughly resolved.  I can't imagine that any administrator around here would disagree in light of the past weekend's failure. Thanks, Matt