License Keys and Privacy

[MeInMaui]

Quote:

Originally Posted by Opus4

I have my (undocumented) ways. I refuse to tell you how I knew that, lest you manage to cover up one more clue to your identity. You can sit in your bunker, but you can't hide!

- Andy

I thought I could throw you off by telling you my communications were relayed across 88 countries. But since I see that did not work, I guess I can now tell you it was actually 108 countries.

But now I understand... You were able to track me through my SageTV registration key! I'm on to you now. I guess I'll have to use placeshifter to mask my location.

No.... that won't work.... DOH!

[Opus4]

Not only that, but I know what you look like, with your round glasses, suit & bow tie, high forehead, and intense stare. You should never have bought that webcam! [Edit: now with the avatar change, this post makes absolutely no sense...]

Don't worry though. I'm very trustworthy and would never give any of this info to anyone else.

- Andy

[gblinckmann]

Quote:

Originally Posted by highlands

If I were to share my license with anybody then that would be a piracy concern, not privacy.

I give my name and credit card info to lots of companies when I buy their goods. But does that mean they should [I]hack[I] my name into the product? Would I let a car company etch my name across the windshield just because they already know who I am?

When you have elevtronic products, embedded information can always be hacked and used/misused. In case of Sage TV, not only data can be collected about my viewing habits, it can even be associated with my name. Would I want Sage TV, or some other entity, know about what I watch, what I record, what I convert, etc.? Can anyone assure us that this data is not being collected, or that it will not be collected in the future?
I'm afraid Sage is playing fast and loose with our private information.

Think about it.

You know, I ordered a Chrysler PT Cruiser back when they first came out. When I got it, it had my name on it! That (in retrospect) should have been a privacy concern to me now that I've sold the car.

The difference here, and why I believe that this is NOT a privacy concern, is that I can't sell the SageTV key. It's a license, not a physical product. The same rules just don't apply. Apple is also watermarking their non-DRM'd music files. This should be fine as you are not licensed to resell them.

[MeInMaui]

Quote:

Originally Posted by Opus4

Not only that, but I know what you look like, with your round glasses, suit & bow tie, high forehead, and intense stare. You should never have bought that webcam!

Quote:

Don't worry though. I'm very trustworthy and would never give any of this info to anyone else.

- Andy

Whew. That's a relief.

Anybody want to buy a slightly used bunker?

[GKusnick]

Quote:

Originally Posted by highlands

My problem is when they hack- as in brand, or blazon my NAME into the actual product.

What makes you think this is being done? The "actual product" -- i.e. the software itself -- is freely downloadable by anyone from a public server. So it seems highly unlikely that your name in particular has been somehow encoded into the executable.

A more plausible theory is that your name was used as part of the input to a one-way function that generates license keys. So during registration, the software needs to ask for your name again as input to a second one-way function that validates license keys. But there's no need in this scenario for your name to be stored anywhere in cleartext (let alone "hacked into" the product), and you've offered no evidence that it has been.

Even if you believe the one-way functions can be broken and your name somehow recovered from the license key, that would still require the bad guys to gain access to your key in the first place. And if they can do that, then surely they can gain access to other personal info on your machine or in your email traffic. So I don't see how the Sage license key adds materially to your risk.

Unless your point is that the Sage sales people themselves are the bad guys. But if you believe that, why on earth would you do business with them in the first place?

[laurenglenn]

It's not really something too serious to worry about when it comes down to it.

It's your license and it's one way to deter people from spreading a license key around. If my credit card info was part of the key, then I'd be more worried. My name is somewhat common, though.

Another thing to keep in mind that I would personally volunteer my SageTV watch history if it played into the Nielsen ratings. But, something like that should be voluntary.

Personally, I think the best way to keep your identity safe in this new day and age is to have bad credit. If you can't get a credit card, chances are that nobody else can get one either with your name. No surprise credit card bills and there are no lawyers that you need to hire to fix your new-found bad credit that someone else gave you.

This peace of mind is great and you no longer worry about keeping a high credit score and someone stealing your identity. There are bad sides to this, of course, in terms of loans, etc. But you can always rebuild your credit a little over time.

Keep that in perspective and when you register, you can always use a false name (as long as the billing name matches the credit card).

Lauren

[highlands]

Look everyone, I have nothing against license keys; just when they are paired with my name and stored somewhere in the my copy of the program.
Software like Sage is practically looking over people's shoulder's in their own homes as they watch TV, for God's sake. They would do us (and themselves) a favor by revisiting privacy ramifications, and getting more specific & forthcoming.

Quote:

Originally Posted by GKusnick

A more plausible theory is that your name was used as part of the input to a one-way function that generates license keys. So during registration, the software needs to ask for your name again as input to a second one-way function that validates license keys. But there's no need in this scenario for your name to be stored anywhere in cleartext (let alone "hacked into" the product), and you've offered no evidence that it has been.

That may be so Greg. If it's a one time, one way verification, then, fine. But, I doubt it is, and I wonder if anybody from Sage development would confirm this? It shouldn't be up to the user to provide the evidence, rather for the developer to state it in their privacy policy. Read Sage privacy policy again http://www.sagetv.com/privacy.html , especially bullets 1-4. Tell me if there is ANYTHING prohibiting any data about anyone from being collected and shared with anyone at the company's discretion?

The best defense against misuse of personal information is not to collect it in the first place. We in New York know this as: if you don't want your car to get broken into, don't leave any valuables inside. Experience shows that anytime valuable information is accumalated, it will be either hacked, stolen, sold, subpoenaed, or otherwise leave well intentioned hands.

See Electronic Frontier Foundation (www.eff.org).

[Mahoney]

You have a problem with your name being in a file on your computer?

[nielm]

Quote:

Originally Posted by highlands

Look everyone, I have nothing against license keys; just when they are paired with my name and stored somewhere in the my copy of the program.

What exactly are you concerned about?

That Sage tracks you? As Opus4 mentioned, They don't need to store your name for that - the licence key is enough to identity your name in their own sales DB.

That a software from third party tracks you from the information registered with Sage? Well, to be honest, this is not sage's problem, and neither is it really practical. The licence info is not stored in an easy-to-access location (it would be pointless if it was), and there are a thousand other ways malicious software can identify you (browser plugins being the most simple, obvious and dangerous)...

And finally, your name is not on public display in Sage (unlike some other software) -- not on the splash screen, not in the normal screens or sys information, not in recorded TV files...

Quote:

Software like Sage is practically looking over people's shoulder's in their own homes as they watch TV, for God's sake.

yes it is. Did you know that it also remembers every single program you watched and stores it in a database?!

Quote:

If it's a one time, one way verification, then, fine. But, I doubt it is,

Sorry, but it's time to unplug your computer, telephone, mobile, close your bank accounts, cancel the credit cards, buy a load of guns 'n' ammo (with cash and a false name, obviously), sell the car or get false plates, and move to that bunker in Montana.

(unless, that is, that you have checked the privacy policy of every one of your ISP, email host, telco, bank, mobile service provider, and found them suitable)






(click for more examples -- I promise the link is safe... but then can I be trusted!)

Remember, in Soviet Russia, Sage watches YOU (Thanks for the idea , sakker)

[highlands]

Oops! I forgot this is for an international audience. Never mind.
BUt if you all were Americans, you'd know what I'm talking about. We're a little touchy about privacy and stuff here. WE even got a Bill of Rights.
For example, a couple of years ago, our government tried to get libraries to report who's reading what. You wouldn't believe the fuss some people made! The old farts! It was like, "dude!, what's wrong with knowing what you read??!! They're the good guys! You got something to hide??" but no. They went on and on until they snuffed that law. It was funny. Strange Americans! But, our younger ones are more like you. They're much more relaxed about little things like this.

[rickgillyon]

Quote:

Originally Posted by highlands

BUt if you all were Americans, you'd know what I'm talking about.

Are you saying that all Americans are paranoid?

I *was* surprised that once I'd bought my sixth Sage licence, I was legally obliged to clean Jeff's pool every three weeks. And that firstborn son clause is a real kicker...

[sainswor99]

Quote:

Originally Posted by highlands

BUt if you all were Americans, you'd know what I'm talking about.

I'm an American, and I have no freaking clue what you're upset about.

Quote:

WE even got a Bill of Rights.

I'm sure the founding fathers meant to add the 11th amendment: no private company will ever collect information on a customer.

Quote:

For example, a couple of years ago, our government tried to get libraries to report who's reading what. You wouldn't believe the fuss some people made! The old farts! It was like, "dude!, what's wrong with knowing what you read??!! They're the good guys! You got something to hide??" but no. They went on and on until they snuffed that law. It was funny. Strange Americans! But, our younger ones are more like you. They're much more relaxed about little things like this.

So, when did Sage become a secret shadow governmental entity? I think if the gov't wanted to know what you were watching, they'd go after your cable operator or satellite operator first.

The issue is simple; if you don't like the policy, don't buy the software. Go buy a VCR (using cash only of course).

[mattdcknsn]

Unfortunately the Bill of Rights is only there to protect US citizens from the government. If you read them they only refer to what the government can and can't do.

Quote:

Originally Posted by highlands

BUt if you all were Americans, you'd know what I'm talking about. We're a little touchy about privacy and stuff here. WE even got a Bill of Rights.

[stanger89]

Quote:

Originally Posted by highlands

Look everyone, I have nothing against license keys; just when they are paired with my name and stored somewhere in the my copy of the program.

As Neilm, said, do you have a problem with having your name in a file on your PC?

Further, what evidence do you have that your name is stored anywhere? You seem to be raising a fuss because you have to enter your name on the Key Entry dialog, but where do you get the idea that it's stored anywhere?

It's not available via an API, it's not stored in the properties file.

Quote:

Software like Sage is practically looking over people's shoulder's in their own homes as they watch TV, for God's sake.

That's kind of the point of Sage, that it learns your tastes and records stuff for you. But if you see above, that info isn't collected anywhere but on your private PC.

And that's really the whole point isn't it. You're raising a fuss about possibly (you don't even know) having your name on your private PC. I just don't understand that.

Do you run something like MS Money? Turbo Tax? They've got your name stored on your PC.

Quote:

They would do us (and themselves) a favor by revisiting privacy ramifications, and getting more specific & forthcoming.

Was Dan's (CEO) statement insufficient for you?

Quote:

That may be so Greg. If it's a one time, one way verification, then, fine. But, I doubt it is,

Why do you doubt it?

Quote:

and I wonder if anybody from Sage development would confirm this?

I doubt it, that would be retarded, it would be like an open invitation to crack the software.

Quote:

It shouldn't be up to the user to provide the evidence, rather for the developer to state it in their privacy policy. Read Sage privacy policy again http://www.sagetv.com/privacy.html , especially bullets 1-4. Tell me if there is ANYTHING prohibiting any data about anyone from being collected and shared with anyone at the company's discretion?

Tell me how that is any different from any other company? Do you raise such a fuss about every company or just Sage?

[highlands]

Quote:

Originally Posted by mattdcknsn

Unfortunately the Bill of Rights is only there to protect US citizens from the government. If you read them they only refer to what the government can and can't do.

Precisely. But the good news for any [intrusive] future government these days is that private companies are doing the collecting part for them, mostly for benign reasons such as marketing, flow analysis, etc. Now that the information has been collected, the government can simply subpoena it in legal case and most always they get it.

What the Electronic Frontier Foundation ( www.eff.org ) is trying to do is raise awareness about the very real possibility of such an end-run around the whole Bill of Rights. It's not up to the companies to really care about this because it's not information about them that will get misused. Users have to recognize the new challenge.

[GKusnick]

Quote:

Originally Posted by highlands

It shouldn't be up to the user to provide the evidence...

If I were to claim that Sage contains subliminal mind-control messages, the burden would clearly be on me to prove it, not on Sage to disprove it. Similarly, if you want to claim that your name is somehow "hacked into" the product, it's up to you to show that there's some substance to that claim, or at least to define what you mean by "hacked into" in such a way that someone else could verify your claim. So far you've done neither.

Quote:

Originally Posted by highlands

BUt if you all were Americans, you'd know what I'm talking about. We're a little touchy about privacy and stuff here. WE even got a Bill of Rights.

We also have a tradition of hard-headed skepticism, and a legal priniciple called the presumption of innocence. If you want us to get worked up about this issue, give us some basis beyond wild speculation and links to the EFF for believing that anything nefarious is actually happening in the particular case of SageTV.

[IVB]

I apologize, but i'm not getting all the angst.

Highlands, if this is so offensive to you, why don't you just uninstall SageTV and any other program that doesn't behave how you want it to behave, and find a program that works as you want it to?

It's pretty clear that you don't like it, why would you persist on continued arguments? I don't bother talking about Iraq, abortion, and freedom from religion with many of the folks that I know i'll never shift positions, as that would be a fruitless and sado-masochistic venture.

As you said, this is America, and you have the right to not use SageTV. Voting with your wallet is the best way to make your point.

[highlands]

Quote:

Originally Posted by stanger89

Was Dan's (CEO) statement insufficient for you?

Dan's statement was great. It said all i needed to hear especially the part about letting us know about any future changes which "would be considered a major change to our privacy policy." He takes responsibility.
Problem is: Andy quoted it from somewhere else, it's informal and it's not what the legalese privacy statement says.

Quote:

Originally Posted by stanger89

Why do you doubt it?

I have issues with authority. Runs in the family- all the way back to men in wigs who wrote the Bill of Rights.

Quote:

Originally Posted by stanger89

I doubt it, that would be retarded, it would be like an open invitation to crack the software.

So, if a user asks what's being done with data collected from him, he's making a fuss. If a developer were to reassure him, it would be retarded?[/QUOTE]

Quote:

Originally Posted by stanger89

Tell me how that is any different from any other company? Do you raise such a fuss about every company or just Sage?

I must admit I'm more sensitive to Sage because the information involved has to do with what I do in my home in my spare time. We have a more intimate relationship with Sage than most other software.

Now, you said several times I am making a "fuss". Others have made light of the issue in this tread as well. You make me feel like a cranky, eccentric, village idiot. However, from my standpoint, I think the real story here is how you guys are so lax about your personal information.

I understand you love Sage and are loyal to it. That's good. Raising this issue of privacy with Sage is not attacking them or confronting them. It's about working out an important part of your relationship with the developer; perhaps just as important as working with them to fix a bug.

[Mark SS]

One of the most entertaining threads I've read in a long while. Nothing like a paranoid nut job to lighten up your day!

[stanger89]

Quote:

Originally Posted by highlands

So, if a user asks what's being done with data collected from him, he's making a fuss. If a developer were to reassure him, it would be retarded?

No, but explaining how your key/registration system functions would be dumb.

Quote:

I must admit I'm more sensitive to Sage because the information involved has to do with what I do in my home in my spare time. We have a more intimate relationship with Sage than most other software.

Do you use anything like MS Money or TurboTax? There's lots of software that's far more "personal" than Sage is.

Quote:

Now, you said several times I am making a "fuss". Others have made light of the issue in this tread as well. You make me feel like a cranky, eccentric, village idiot. However, from my standpoint, I think the real story here is how you guys are so lax about your personal information.

No, most of us are trying to figure out what the big deal is. Your name isn't displayed or stored anywhere that's visible. Given that, we're at a loss for what the big deal is.

Your license key (for any software) is tied to your name, and your information, regardless of how you enter your registration info. I mean, you have to give SageTV LLC your name, credit card, address, phone (I think) when you purchase a product from them. And that's on a website.

We just can't understand how entering your name in the registration dialog is such a big deal when you've already given them your name to purchase the product.

If Sage was a free product that required your name to register/use, then there'd be more to be concerned about because the need for your name would be questionable.

There are lots of products out there that are far more "dangerous" WRT to personal information than Sage. It just seems you've picked about the most harmless thing possible to make a big deal about.

The basic issue is that privacy concerns have been raised before (do a search and you'll come across the thread where Dan made the statement), most of them had more "teeth" than this one. And (so far) all privacy concerns have been addressed by Sage when necessary.

Further, many of us who are "loyal" to Sage as you say, are the ones who have been using Sage for a long time. Sage doesn't do anything unusual WRT personal information, well maybe they do do something unusual. Sage doesn't even track annonymous usage data. Many other PVRs (Tivo comes to mind) do. All personal data is stored locally on the user's personal machine.