Community Toolbar Mobile Wibiya
Community Toolbar
Community ToolbarCommunity Toolbar
Community Toolbar > Conduit community alerts flaged as malware by A-Squared Anti-Malware
Power User
Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/11/2009 2:31:10 AM
Share
A-Squared Anti-Malware flags conduit community alerts/alert.dll as malware.

[img]http://i25.tinypic.com/2d174v7.jpg[/img]
Power User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
10/11/2009 3:29:13 PM
I've been away a while, yet on my return it still amazes me that some people are still bringing up AMO etc. So lets just clarify the issue with AMO, the problem wasn't with the toolbars or conduit but with a small minority of Publishers that discovered a bug in the AMO system that meant anytime they updated their description of their toolbar, it would automatically jump into the top position, this pissed of the regulars at AMO and then the backlash started. CNET allowed conduit toolbars at first, but when AMO started griping, CNET took the safest route and removed all toolbars, however, this is no longer the case, and you can add to CNET.

Secondly, if you visit my site, we track your IP, browser type, plugins used, operating system, geographical location by country, pages visited, time on site, keywords used to find the site or referring URL. None of the information collected can personally identify someone, and is used so the site can be streamlined to our users needs. You will find most websites track their users in some fashion, so they can keep track of the sites performance and provide a better user experience, just like conduit toolbars.

Thirdly, the site you mentioned (make money from your toolbars) is by Guy Levy, whom I suspect is just another spammer as I have seen his named attached to many sites that have tried unsuccessfully to register within my directory, usually they are all on the lines of Make Money selling E-books, How I made a million with Google Adwords, etc. Any sites that start with Make Money....... is usually some form of spam or worse. If I was making millions online, why would I want to share my profits with you as well as increasing competition, does not make any business sense.

Fourthly, SiteAdvisor, although a good tool, it isn't 100% reliable, just do a Google search on them and you will find how unscrupulous competitors have used SiteAdvisor to damage their competition, as well as some other issues.

Lastly, theRay why the hell are you on this site, if you don't like Conduit or the toolbars, dont register to be a part of any service that they provide or download any of their toolbars. Simple
Mega User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/17/2009 11:27:59 AM
[b]theRay – thank you for your post.

I copied your post below and replied to your comments next to the “TW>>>” mark.

I hope that you will find the information provided below helpful.

Although this has become a long and detailed discussion I do think it is important to keep the discussion open and clear and answer all of the points you raised. we can continue the discussion in the forum and if you would like we are happy to continue it over the phone or in person in one of our offices. [/b]


@ToolbarWiz:

No, I got the part where you (Conduit) keep saying that toolbars are 'safe'. And I'm sure they are -  in a sense that they don't cause cancer or AIDS. Other than that - depends on what you mean by 'safe'. My point was that, in general, it appears that a Trust-e seal per se means just about nothing in terms of security, if not worse than nothing. And as such, it is nothing more than a marketing gimmick. Let's look at your other points.

[b]TW >>> your point about Trust-e is clear. that said, there are other opinions about Trust-e and endorsements that they get from more than 20 Fortune 500 companies that use their services so It may not be as one sided as presented in your post. That said, our job is not to judge or decide between the different articles that were posted about Trust-e, but to provide a compelling and safe experience to our publishers and their users. Since I do not work for Trust-e I have no intention of speaking on their behalf. I can only speak on behalf of Conduit and since I was personally involved in the certification process we undertook with Trust-e I can share with you that it took us a few months and included an audit of our technology as well as significant legal commitments on our end. If you would like - we are more than happy to invite you over and share with you the related documents and activities as part of the process[/b]. 

[b]In addition, If you are familiar with any other certification service that you would consider as better and think that we should use, please feel free to suggest and we will take a close look at them based on your recommendation. If you can help us find a better technology we will not hesitate to switch and we are open for a discussion here. [/b]

>>Our technology has been used in the past 5 years by more than 200,000 publishers and their 60,000,000 users from all over the world
Sixty million flies can't be wrong? What percentage of those are tech savvy enough and/or are actually aware of what data is being transmitted to Conduit every time they use the toolbar? 0.00000001%?

[b]TW>>> My point was that the fact that 200,000 publishers (blogs, sites, brands, forums, developers, etc.) and their 60,000,000 users are using the technology means that there is a good chance that the technology is actually useful and safe. Yes – there is always a chance that 200K publishers and 60M users can be wrong (at least statistically) and I’m sure bigger surprises may have occurred in the history of business and technology. However I think that the wide adoption generates a certain amount of credit that will not be eliminated  unless substantial facts can be presented (in other words: conspiracies can happen here and there but they don’t really happen that often, so convincing the opposite requires some solid facts).

With regards to the data that is sent: as we have always stated - the information that is transmitted is anonymous and non personal. We have no idea who the user is and to be completely honest we could care less about users’ online activity since user data is not part of our business model and it is not an asset to us.
How is the data that is sent different than the data sent from other popular client add-ons like Google or yahoo or MSN toolbars? Or for that matter most of the interactive client software applications available today?
That said, if you have any insights or recommendations we can use with regards to changing or improving our technology or adopting better practices please let us know.

We can definitely relate to and understand if you have previous concerns about browser technologies. These concerns may very well be justified as a result of the activities of notorious companies that were doing a lot of bad things to users in the last 10 years (and some of them are still around). But Conduit’s model is different. We do not build or distribute software - we provide a platform that can be used by anyone, therefore we are not in the business of communicating with users. We do not collect personal user data and we do not sell it. it’s not only a part of our policy but also an important part of our business model and we were always clear about it. In addition, because we are so confident of our policy and our model we have also contractually and legally committed to maintaining these policies in our most strategic legal agreements. If you would like, I’m more than happy to share with you some of these agreements so you can see how much we have to lose if we don’t follow these strict policies.  [/b]

>>Among our clients are well known brands

And? Since when are the big corporations against detailed consumer stats? Smallprint makes it all nice and legal.

[b]TW>>> you are wrong (and also making very serious accusations here…) for the sake of argument, if your theory is right, then not only that Conduit is doing bad things, but also many well known companies and brands (with millions of trusting clients around the world) are knowingly doing bad things to their clients and they are covering it up using small legal print so they can continue to spy on their users. Do you really believe that this theory is right? Blaming Conduit is one thing but blaming all of our strategic partners? What are you basing it on? what are those “detailed consumer stats” that you are referring to?  Are you seriously suggesting that the partners that use our services are in fact using us to spy on their users? And in that way they can circumvent their own privacy strict policies and legal commitments?  OR are you suggesting that we are spying on their users? Do you really think they would let it happen?

My point with regards to the trust we get from our partners was simple: unlike smaller companies, big organizations have large IT groups and experienced audit and legal teams that will do whatever they can to protect their organization. Not to mention public companies that have regulated audit processes to approve all of their partnerships and technologies. If you were ever in a contract signing process with one of those large corporations you probably know that it takes a few months and can involve up to 30 people from different departments that their job is to examine every aspect of the business, the technology and the policies to make sure everything is clear and approved.

Are you also suggesting that Benchmark Capital (that is heavily involved in Conduit’s activity) is unaware of those activities? Or even worse:  are you suggesting that one of the world’s leading technology venture capital firms (that backed eBay, AOL and many others) is part of the plan as well? In case you are not familiar with due diligence processes that VCs like to take I can assure you that no sane VC (especially not one with Benchmark’s reputation) would invest $8M of their money in a company without making sure that the company and the technology are safe and customer friendly OR without taking a thorough due diligence.

If you would like, we are happy to share with you more information about the facts listed above and provide you with references. If you want, we can let you speak with our partners, our VC or any other entity that works with us that you would consider trust worthy. [/b]

>>Our company was covered in the world’s leading business and tech publications

Well, great. So Conduit is interesting/sucessful/big enough to be press-worthy. It does not mean the press endorses you or makes guarantees about your software. Conduit toolbars are banned from CNET/Download.com, that much I know. By the way, why don't you include the links to the actual publications in the quotes section? The comments there are interesting too, like this one, to an article I picked randomly:
http://www.techcrunch.com/2009/06/23/conduit-creates-marketplace-for-toolbar-content/#comment-2845057

[b]TW>>> If you read all of the posts that covered Conduit you will definitely find some unfavorable comments here and there. unfavorable comments are part of the price of getting exposure in leading publications (or any publications) and you can find many unfavorable comments written about Google, Microsoft, Facebook, Twitter and basically anyone else.
You can easily search Google and find millions of posts about the world’s leading technologies some of them are good and some of them are bad but the point I was making about being covered in the media was simple – the media found the technology and the company interesting and press worthy and that’s yet another point that you have to consider while posting your theories about so called spying activities. 

It is also important to clarify a few points about Cnet or Mozilla AMO – Conduit as a company or as a technological solution is not banned from Cnet or Mozilla and there are in fact add-ons and software that was created by publishers using the Conduit technology that is available on both Cnet and Mozilla.
Cnet and Mozilla  have no issues with our company and we are in communications and in a good relationship. The only issue that Cnet and Mozilla have raised with regards to our technology is related to volumes and to the screening of applications and submissions. The explanation for that is simple: since Conduit has eliminated the barrier of creating software (anyone can now build a branded software with no engineering skills) the number of software publishers and add-on publishers has dramatically increased. Unfortunately with this blessed increase there was also an increase in spam and it looks like a few opportunistic entities (that had no unique content or supportive communities) were spamming both Cnet and Mozilla with affiliate focused applications that had little value to end users of Mozilla and Cnet. Because of the volumes and the nature of the applications it makes more sense for those platforms to approve publishers only on a per case basis and  not automatically accept potential spammers.

Please note that Conduit is a platform and as such we do not make or distribute software. Since a few publishers of ours that offer unique content that can be valuable to Mozilla and Cnet asked for our help we have facilitated a discussion with Mozilla and Cnet and are working with them on a per case basis to approve such publishers. In addition, a few of the Mozilla AMO publishers have contacted us and asked to use our platform so they can enjoy the benefits of our technology and expand to internet explorer and safari as well and we are working with them to help them launch. Since I am close to both organizations and met their decision makers in a few occasions, I can share with you that we are in a good relationships and working closely. If you would like, we are more than happy to share with you some of the recent correspondence we had.

That said, we cannot ignore the fact that there is some history with Mozilla. More than 4 years ago when conduit was in an early stage (and was called effective brand) we had a lot of discussions with the Mozilla community members and a lot of issues were raised by the community. Some of the issues and a few complaints about  Firefox bugs were in fact justified and were resolved by our engineering team. other issues were discussed and remained open for some time until they got resolved in the last 2 years.  Since our first discussions with Mozilla from 4 years ago a lot has changed in both organizations in terms of technology, products and people and the dialog we have today is transparent and effective.[/b]

>>we are proud of the fact that we do not collect share or sell data

Ummm... But YOU DO collect and share data. You have an 'Analytics' section with detailed data on toolbar usage, remember? You don't mean it's all totally fake, do you? And by the way, what are these "URL detection APIs" that can be "turned on" in the publisher's "Advanced privacy settings" section? What happens if I put a check mark there?

[b]TW >>> you are wrong. we do not collect and share user data. The analytics for publishers that we offer include aggregated data and not user data. The analytics we provide are not different than Google analytics, standard video analytics or banner ad analytics. We do not collect user data, we do not know what a specific user is doing on the web (URLs, browsing habits, activities within sites) and we most definitely do not and cannot share any such data.
As explained above we are legally committed to maintaining these policies and they were audited and approved by our partners and investors plus our business model has nothing to do with user data so obviously we have no incentives of doing it.

The URL detection APIs are actually a security measure… our APIs can enable publishers to detect the URL visited by the user and can use it for different features. For example: offering coupons to users if they get to a specific site with bargains . Because this feature may be used to send additional data, we disabled it by default and publishers that opt to use it must use it in accordance with our terms of service and privacy policies. Needles to say the feature is not used by Conduit but by publishers that opt to use it and the data doesn’t even go through our servers but directly to the publishers.

Publishers that opt to activate this feature are automatically losing their privacy seal and they must manually approve the feature and legally commit to use it for the benefit of their users. In addition, all of the publishers that activated this feature are periodically examined by our compliance team to make sure they are following their commitment.

We built this feature for the benefit of our publishers that want to offer contextual data to their users and build rich applications, 2 years ago we increased the security measures around it and from our compliance reports  it looks like the feature is being used to the benefit of end users without compromising their privacy. If you have any ideas or suggestions about further improving the feature please let us know.[/b]


Regardless of that even, every single one of the little toolbars phones home with its unique ID many times a day. You are receiving all the data on which toolbar was clicked, at what time, which component - and all the search queries too, no doubt. You say that the data you collect is not "personally identifiable" - that's nice. But it's kind of like if somebody was standing and looking into your sister's bedroom window - and when caught, the guy would say 'Hey, so what, I don't even know the girl's name'.

[b]TW >>> Yes. The toolbar has a unique ID. The ID is required to indentify new toolbar installations and confirm that the toolbar is active. Without knowing If the toolbar is active we can’t update the software version or fix bugs and we can’t compensate publishers for a new install as part of the rewards program. The ID is a number that is provided by conduit and it is does not include any user data or sensitive information. If you have additional questions or suggestions please let us know. 

Yes – the toolbar does send non personal information about clicks on components and this information helps us identify bugs and fix them. however we do not collect the information in our databases and do not match it with specific users, instead the information is aggregated as a non identifiable data and it is used to identify component related bugs as well as display aggregated data in the analytics that publishers use. The same goes for search queries – Conduit is not a search company and have no interest in search data. We pass the search queries to our search partner and we do our best to filter blank queries and spam to improve the user experience.   

Your analogy to the girl in the bedroom is wrong. we do not “look into” the users’ toolbars as it is not our model. We do not focus on individual users but on the publishers that use our technology. from the 60,000,000 users we power do you really think that we are interested in looking into each and every one of them? you are also wrong in your analogy with regards to the data that is exposed. Is an anonymous click on the RSS component equal to someone peeping into a bedroom? A click on the RSS component is not a personal activity, especially if the click is aggregated with millions of other clicks so it is not identified with the specific user. The right analogy would be that we get a letter sent anonymously by the people providing us with a very high level description of what they did in the bedroom  and we would create a big pile of such letters  without knowing anything about the people, or even seeing them. I hope this analogy is helpful.

In addition - the non personal information that is transmitted is very basic and it is no different than what is sent by most of the popular software or add-on solutions in the world, including Google, Yahoo, MSN and others. In fact it is not different than what is sent as part of the standard web site analytics tools that most sites use and similar to the most basic tools provided by Google analytics. Also. users that wish to not send such information can opt to do it from the options menu.

Are there any additional measure that you think we should take? Please let us know.[/b]


Also...

Conduit toolbars have been banned and continue to be removed from AMO:
http://getsatisfaction.com/mozilla/topics/malware_conduit_toolbar_found_on_amo

As an example, this is an informative comment from back when Conduit was Effectivebrand, if the poster is correct Conduit lied to its users before:
http://digg.com/software/Firefox_Digg_Toolbar?t=219543#c219543

[b]TW >>> Please see my comments about AMO above and let me know if you have any further questions. [/b]

Would you claim that Conduit/Effectivebrand is not behind http://www.make-money-toolbar.com - and that it is not a fake website put together by the company to attract more publishers?

[b]TW >>> yes that’s exactly what I’m claiming. The site is 100% owned and operated by a publisher that uses our technology and conduit is not behind it. we know very well who is the publisher behind this site and you can easily find out who he is by following the links to his toolbars as he promotes them on the site. 

ALL of the activities that we do to attract new publishers are under the Conduit brand only.
[/b]
[b]
theRay – I hope this reply was helpful.  Again – if there are any missing details or information that you would us to share, please let us know. As stated above, we are more than happy to meet you in person and welcome you in our offices whenever you would like to come over. If you wish to continue this discussion via email or phone please shoot an email to our support (support at conduit dot com) and ask them to forward your email to Toolbarwiz.

If you have suggestions and recommendations on how we can improve please let us know. We welcome your comments and we will do whatever we can to improve where it’s needed.

Yours,
Toolbarwiz
[/b]

Mega User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/20/2009 1:34:20 AM
theRay - your technical comments will be reviewed by our tech team and if needed changes will be made. feel free to reach out to us at any time and share your insights and advice.
Mega User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/18/2009 10:08:39 AM
oops... too much playing with the BOLD feature... hope this is still readable
Mega User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/18/2009 10:06:22 AM
Stanislaughski – it’s good to have you back.


Sean – thanks for your support and for your comments. However, I would like to clarify that Conduit is not adware. We provide a free platform that others can use to developed their branded software, and their branded software is not ad-supported but search supported. We have no relationship with ad agencies, we do not buy or sell ads, we do not have ad inventory and we do not buy/sell/provide targeted data to advertisers. In fact, we turn down at least 5-6 offers every week from ad companies that want to use our platform to deliver ads.
We provide a search feed that is powered by Google and we have little to do with the search or sponsored results. In addition, although at the end of the day the revenue we make is generated as a result of clicks on sponsored ads, our specific model is not just based on such clicks and we earn our revenue based on the overall activity and the overall search traffic and not simply based on each and every click that users perform. That takes us even farther away from being ad-supported.
Our model is unique and trying to compare it with other models does not always work. For the sake of making an argument you can claim that Google/Yahoo/MSN toolbars are adware and ad-supported as well but in their case it even makes more sense than in ours since all of them also control the ads, the inventory and the advertiser relationships. And in any case, non of them is considered adware…
In addition, we also support publishers that want to offer their own search feed or want to remove the search on a per case basis. in such cases we can charge a license fee to replace the search supported revenue we could have generated.

I hope this helps…


theRay – thanks for your response. Please find my comments below. [please note that I just noticed your second post… this is an answer to your first post and if needed we will answer your second post later on]

1) I do not really care about whichever certifications - I am not trying to do your marketing for you. I could appreciate the things like, say, no check mark beside the address bar search hijacking option by default, for example. That would be less malware-ish. Updates without user's consent are nasty too, and so is the "alerts" function.
[b]
TW>>> what do you mean by “no check mark beside the address bar search hijacking”? can you please send me a screenshot? If we need to fix something that does not follow good practices we will.

“Updates without user's consent are nasty too” - are bug fixes considered nasty? You are invited to meet our engineering team and present them with specific questions. If your comments will make sense they will be accepted and we will be happy to make any change that is needed.

“and so is the "alerts" function” –  in this gallery you can find 55 different alert examples from publishers that actually find the feature to be very useful  http://www.flickr.com/photos/conduityoursite/sets/72157621963489858/. Among them are a few leading marketers and well known brands. In fact some of them were so happy they twitted about it and posted it in their PRs and marketing materials. And to clarify once again: Conduit is just the platform… we don’t build or distribute toolbars and we don’t send alerts to anyone… like other features in our technology alerts are optional and can only be used by publishers, if they opt to use them. obviously if a publisher doesn’t want to use the alerts he can opt not to. In addition the number of alerts per day is limited.  We trust our publishers to use the alerts wisely just like any other feature that we offer. We didn’t get any complaints so far about excessive use of alerts.
[/b]
2) Relax, who says "spying". I believe it's called "collecting completely harmless statistics totally necessary in order to improve the service".

[b]
TW>>> You are correct. In fact this is the exact language that is used by the leading and most popular add-ons in the market.
[/b]

3) It's not just unfavorable comments, it looks like unfavorable facts, I'm afraid. A few web queries uncover a good measure of sketchiness in this company's past. The software, the statements, the tactics, the response to criticism. This blog post has a collection of links to get started: http://malware-research.blogspot.com/2008/12/conduit.html

Your first product was UCmore toolbar, which, if the web is to be believed, you marketed as a "search accelerator" which was pretty much uniformly classified as Malware/Spyware (up until version 3.0), complete with stealthy install, visited URLs tracking and targeted ads. Web archive still has the snapshot of this "grandfather" Conduit toolbar, so to speak:
http://web.archive.org/web/20040804061846/http://www.effectivebrand.com/

...And Google shows serveral thousand pages with removal instructions.

[b]
TW>>> the world wide web is that it allows almost everyone to post anything anywhere. There is a lot of information out there and you choose to call some of it “facts” while dismissing other items that don’t match your theory.  I’ll try to help on this matter as much as I can:

UCmore is a company that existed a few years ago before it was closed. As far as I know and checked they had a browser technology. The technology was different than Conduit’s - It was a b2c product aimed at improving search while serving ads and shopping information (I hope I got it right but I am not 100% sure)  and it wasn’t a b2b platform that enabled publishers to build their own toolbars. the founder of UCmore closed the company and founded Conduit later on as a new and different company – that’s the main connection to conduit. now before founding Conduit he was also a founder of 3-4 other technology companies (1 of which was successfully sold) and prior to that he also served on leading and executive positions in a few successful companies in silicon valley and Israel throughout his 25 year career. Does that mean that conduit is also somehow connected to all of his other companies and positions? If so that’s great as these companies got amazing write ups and sold products in millions of dollars worth.
The simple fact is the UCmore has nothing to do with Conduit other than the same founder and a few team members that joined Conduit long after UCmore was closed and after they worked in other places. Conduit has a different technology that was patented and developed by a different engineering team.

I loved the “grandfather toolbar” image!  I never saw it before (I joined Conduit only a few years ago) and it’s amazing to see how much our technology has evolved since then.  in any case, it looks like it was an attempt to integrate the UCmore component into the conduit platform and offer it to publishers that opt to add it to their toolbar just like any other component that is available today and was available in the last 4-5 years. I don’t think that this UCmore component was available to publishers in a very long time now (at least not in the last 3 years) but if you want I’m more than happy to check and give you exact dates.

With regards to UCmore as a malware company/technology– I made my own research and probably read the same articles that you read and it looks like the company was in fact flagged as malware in some places. To be perfectly honest – I do not know the background behind it as I was never employed by UCmore and it was a long long time ago. obviously I cannot comment on their behalf but only on behalf of conduit and as we told you before: conduit has a safe technology and transparent policies. If you would like to learn more about the history of UCmore I can try to find out for you but it may take some time since a long time past and it is not related to conduit. Let me know if you would like more information on that.

As a quick reality check - do you really think that you are on to something that all of our partners and investors missed or chose to ignore? How is a company that was closed a few years ago still relevant to this discussion? Are you claiming that this company reflects on conduit (a different company with a different technology, different partners, different investors and different employees) ?
[/b]


“...And Google shows serveral thousand pages with removal instructions.” - 
[b]
TW>>> of course it google shoes such results. there are thousands of publishers with millions of users that use our technology and it’s only natural that you will find many results. How many removal instructions pages are there for the Google/Yahoo/MSN/ASK/Miva toolbars?  How many removal instructions pages are there for all of the world’s leading software? Including security software like AVG/Symantec/Kasperski/adaware/spybot and more?  How many “credible” reports from “experts” are out there?
[/b]


4) First you said you didn't collect data, which I pointed out to be false, now you say you don't collect "user data". "User data", "non-identifiable data", "non-data" and "anti-data" - I am not going to argue semantics. Let's make it clear. Your toolbars are sending real-time information on their individual (not aggregate) users' locations and activities to your servers.
[b]
TW>>> the problem with not getting into semantics is that it allows people to say and write things and then not stand behind them because they don’t want “to argue semantics”. in fact the semantics do make a difference and there is a professional terminology that software and platform developers must know, understand and follow. If you look into the policies of Google, Yahoo, MSN and others you will find the same semantics. And in case you don’t trust these companies as well, let me speak on conduit’s behalf and try to clarify one more time: yes our technology does send data, just as all of these companies and their products send data and just like most honest, safe, secure and certified interactive client application send data – anonymous and non personal data.
When the data is sent of course it is not sent as aggregated data but as individual data but what is important here is not just how it is sent but also how it is received. That’s where the word “collect” gets into the picture. We do not collect (=receive, store and archive) the data per user but as aggregated data. And the reasons for that as we explained before are very simple: [a] it is not our business model [b] we are legally committed not to do it. And to clarify even further: the “activity” data that is sent is not different than the data that is sent by an web sites that uses standard Google analytics. I don’t know if you have a web site of you own or if you use standard analytics tools but in case you don’t there is very easy for you to check this issue as part of your research: just build a free blog/site using blogger, webs.com, ning  or other tools and embed a basic google analytics code in there. Please let me know if you need help or have any questions.
I hope the semantics are clearer now but in case they are not let me clarify again: we do not collect user data.
[/b]


5) Your problem with AMO was more serious than just "spamming".

Quote
The ID is required to indentify new toolbar installations and confirm that the toolbar is active. Without knowing If the toolbar is active we can’t update the software version or fix bugs and we can’t compensate publishers for a new install as part of the rewards program

Oh wow, now this is downright ridiculous. You don't need to slap a tracking device onto every installation to update the software and fix your bugs. The CTID and the version number are enough for all technical purposes. You don't need these IDs to detect new installs either. A simple one-time request/response to/from the server will establish the event just fine.
[b]
TW>>> “ridiculous” is an interesting observation but it is different than what many other engineers that created the product seem to think. I do not know what is your background or expertise in software engineering or server communications but you are invited to a technical discussion with our team where you can share your insights and advice. If your points will make sense we will be happy to change whatever is needed in the product.
[/b]

You don't have to have unique IDs to share your revenue with publishers. All you need is the money, really. You already know how much revenue each publisher is generating for you. The money does not come from active users/day, new installs, or anything wishy-washy like "stickiness". Those ads need to be clicked and preferably from within the United States rather than Mongolia. The fancy and supposedly complicated PPI mystery formula nobody really knows anything about to even try to understand it - that was your choice, your way to present your Rewards system, nothing more. For all anybody else knows, you are just sharing however much you feel like at the time. But well done, market saturation is now your friend. No new users - nothing to pay out, all the while continuing to generate ad revenue.

[b]
TW>>> you are wrong here. without knowing about new installs we can’t compensate publishers. Without knowing that the users are still active we cannot calculate the ongoing PPI rate.
I already commented about ad clicks in another comment in this post. Please refer to it.

The PPI is no mystery and we are more than happy to explain it if to you if would like. On a side note, are you familiar with Google adwords? See if you can find some similarities in the system and in the logic behind it.

yes – a user in the US can generate greater revenue than a user in Mongolia (although if we want to be accurate GEO is just one element and in some cases a Mongolian user can be worth more…) and this is a well known fact that publishers that use basic technologies that generate revenue from search (or even from standard ads) knows – just like the MSN rewards search or Google adwords or CJ/linkshare programs or many standard ad networks. Now, what does the GEO of the user have to do with us as a company? As explained here, we are a platform and we do not distribute… and in case you are not aware, we have publishers from all over the world - the US is just one of many countries that are served using our platform. In fact we support so many languages I lost count… here are a few examples of international toolbars built by our publishers - http://www.flickr.com/photos/conduityoursite/sets/72157621887237389/ some are based from outside of the US and some were built for foreign communities in the US. If you want more examples of international toolbars please let me know.

In the last 2 lines you included another theory about the PPI. Instead of writing another long comment it might be more simple if you can send us your site and toolbar information and we will then go over your numbers together and in person so we can provide you with all of the information about your PPI and show to you that your theory is wrong. if you are claiming that there is a “saturation” and no new installs for publishers you are wrong and we can easily show that to you.
[/b]


And you could still count the RSS clicks without the IDs and share those data in the Analytics reports like you do now if you can't live without those numbers.
[b]TW>>> you are wrong. please refer to our answers above. [/b]

And yet you choose to set and track the individual unique IDs - despite the fact that since 2004 you have been working hard to convince the world you are not distributing spyware (any more).
[b]TW>>> this point is not clear. Where is the spyware? Or where was the spyware (that “is no longer out there”)? What are we doing with those user IDs? What are we tracking? I hope that the other comments in this post answered your questions. [/b]


On a personal note, I have indeed seen too much avoiding-the-issue meaningless promo-speak in response to valid questions raised by forum members around here. Strangely enough, after a while it really does start to feel like a cult of sorts. It's in the way you defend your company too, sounds a lot like this:

Do you realize that L. Ron Hubbard's books are bestsellers in a hundred of languages? Are you accusing respected Oscar-winning actors John Travolta and Tom Cruize of being stupid, or worse, taking part in some big conspiracy to lie to you? 8 000 000 people trust Scientology. I am just saying, if it were a destructive cult, surely Scientology would be illegal by now. Do you think that if Scientology were actually bad for you, a highly respected company with strict guidelines such as Google would put Scientology ads all over YouTube, the #1 video-sharing site in the world? Scientology commercials were broadcasted by CNN and the Food Network too... So yes, on behalf of the Church of Scientology, thank you for asking, and let me assure you: Scientology is safe.
[b]
TW>>> We are not a cult but a technology company, one of many other companies that are out there trying to offer their services and products. Do you consider other companies that communicate with people in their forum as cults as well just because they are communicate patiently with forum members? the reason why I wrote “I can assure you” in a few places in this thread was because you seem to have your own truth and you stick to it no matter what the real answers are. By reading your posts it seems like you know something that others are missing (including many credible entities) and there is not much we can do or say to convince you otherwise. Should we not say “I assure you”? should we not give you an open stage to say whatever you want? So far, you voiced a few different theories and even after you got clear and honest answers you chose to ignore some of these answers and focus on other new points and theories while saying we are using “avoiding-the-issue meaningless promo-speak”. What have we avoided so far? What open questions do you still have?  What other type of “speak” would you like us to use?

I hope that this post covered the other points you have raised, but if it didn’t we will be here and we will continue to listen to everything you have to say and answer all of the issues or questions you may want to raise with great patience (as long as the discussion is within forum rules). You are investing considerable time here so we can only assume that this matter is important and means a lot to you – it is important to us as well and we will invest as much time as needed on our end. It also seems like you strongly feel that you are right here and on our end, we strongly feel that you are not right. However we are willing to hear you and make changes if needed. 

You are obviously an intelligent person and you are obviously spending time in researching, commenting and posting. So instead of us trying to convince you in our own way, why don’t you tell us what it would take to show you that your theories are wrong? seriously. If you would like, you can have access to any document you may want and you can bring any expert on your behalf and we will be happy to meet and discuss all of your points. If you will be able to show us that we are doing something wrong we will gladly fix it. let’s not make it personal and let’s spend the time to go over any open issues you may still have.

Toolbarwiz
[/b]
Mega User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/14/2009 11:10:45 AM
[b]theRay[/b] –Social Guru simply mentioned the fact that our platform is safe and that it was certified by Trust-e. The points you raised about Trust-e in your post should be looked at but they have little to do with Conduit. As such, the points you raised should be addressed by Trust-e and not by Conduit (in fact I will make sure they will get a copy of your post). The fact is that our platform was certified after a serious and very exhaustive technical due diligence process and that our technology is safe with or without the certification. We are proud of that fact that our technology is safe, we are proud of the fact that we do not collect share or sell data, we are proud of the fact that we care about privacy and we will continue to do anything we can to enforce our policies and ensure the safety of our publishers and their end users.

If you are familiar with other certification entities or tools that you think we should consider using or offering as part of our solution, please let us know. We are open to all suggestions and are happy to consider additional or alternative options if needed. The reason why we chose Trust-e for the certification process was that they were the only solution that could certify downloadables in a scalable way (since we power more than 200,000 different toolbars we looked for other solutions before we chose Trust-e). Obviously, publishers that want to certify their toolbar on a per case basis or in addition, can use any other tool or service and they will get our blessing and assistance.

Thank you for your post. We will follow up on the points you have raised.



[b]stella123[/b] – I’m sorry to hear about your concerns. theRay’s post was does raise a few issues that should be further discussed, but it has nothing to do with the safety of our technology. Regardless of the certification we got from Trust-e (which is optional and provided as a service to our publishers), there are a few other things that you may consider before choosing to use our technology. Here is a short list:

Our technology has been used in the past 5 years by more than 200,000 publishers and their 60,000,000 users from all over the world. Among our clients are well known brands including Time Warner Cable, Major league Baseball, FOX, National Hockey League teams, Travelocity, Oxfam, Greenpeace, Emusic, Universal Music, Lufthansa, NBC and many others, some of them are public companies that are subjected to audit processed in order to ensure that their products are safe and follow best practices.  All of these partners use the same technology that is available to all on conduit.com.

Our company is backed by Benchmark Capital (a tier one venture capital firm that also funded eBay, AOL  and other well known companies) and we have strategic partnerships in place with Google and other leading technology partners.  Our company was covered in the world’s leading business and tech publications including USA Today, Business Week, PC Magazine, ZDnet, Cnet, Media Post, advertising Age, Clickz, Marketing Sherpa, Venturebeat, The Examiner, Techcrunch and many others (all wrote excellent reviews about our products and services). More examples are available here - http://www.conduit.com/AboutUs/media-coverage.aspx


I hope this helps. Please let us know if there are any questions or if you are in need of additional information or examples. We are happy to help.



[b]Thomasalan and Bucki[/b] – thank you for posting this on the forum. As a result of your post we got in touch with “A-Squared Anti-Malware” and asked them to remove the false identification. They admitted that it was a false detection and confirmed that they will remove the detection in their next update. Here is a copy of their email (personal details were removed and marked “X”):

----------------------------------------------------------------------------------------------------------------------------
-----Original Message-----
From: XXX - a² Team [mailto:X@emsisoft.com]
Sent: Monday, September 14, 2009 3:37 AM
To: XXX
Subject: Re: URGENT - false detection

Hello,

false alert will be patched in the next updates.

Sincerely yours,
XXX
a-squared Team - www.emsisoft.com
----------------------------------------------------------------------------------------------------------------------------


In general – false detections can happen from time to time in the software world. And just like bugs or service downtime false detections can happen with any software or to any company (including Google, Microsoft and others).  In many cases, false detections are a result of the popularity of the software and that fact that millions use it around the world (therefore the statistical probability of a detection increases). The best and only way to deal with false detections is transparency - contact the company and ask them to review the software. This is exactly what we did in this case and the issues was shortly resolved.

Our team didn’t find any false detection by Kaspersky. As a result of this post we also got in touch with our friends at Kaspersky and they couldn’t find anything on their end. If you have any information about it (screenshots, version numbers, logs, etc.) please send it over and we will ask them to resolve it as soon as possible.




Please let  us know if there is anything else we can do to help.

Yours
Toolbarwiz
Mega User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/22/2009 4:46:19 AM
as promised: the technical comments were reviewed again, this time with some additional help from the engineering team, and it was verified that the items that were described by forum members in this post were not accurate. as we shared before: the data that is sent does not include any personal information and the usage is non identifiable and aggregated. it is similar to what is used in all other standard analytics tools and in the world's most popular browser add-ons.

as always, if there are any further questions or need to clarify we are happy to help.
Power User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/11/2009 1:04:43 PM
Why are you surprised?
Conduit toobars [b]are[/b] malware, only way to resolve the issue is to tell your users to uninstall the Infection and clean up their computer......If they can. ;)
Power User
Re: Conduit community alerts flaged as malware by A-Squared Anti-Malware
9/17/2009 1:35:33 PM
Ooh how clever!! using another name are we, why don't you admit you're a Conduit employee posing as a user?
Lame routine, wouldn't expect any different from a Make Money Toolbar drone.