Privacy Issues

[stuckless]

Quote:

Actually around where I live almost nobody locks their doors ever.

I think that the issue of "closing your door" has more to do with security than privacy. Not having curtains or blinds on your windows... now that dealing with privacy. Where I grew, we didn't lock our doors either, but we sure had curtains, especially on the bedrooms

That being said, I agree that if you don't agree with a companies privacy policy, then your only real alternative is to go with another company/solution.

[Twinkle]

Quote:

Originally Posted by unkyjoe

Not really you don't, you just think you do. I mean you didnt write the software that collects that information, therefore this statement is inncorrect.

In the grand scheme of things, that's correct. However, in general, the loopholes aren't nearly as great.

Quote:

Originally Posted by unkyjoe

I understand your issues on Privacy, I think all of us here do, I do however think I would be a little more worried about giving out my CC information that I would about Sage collection viewing habits. I would try again to contact them concerning the issue and if they dont answer it to your satisfaction then stop using the software and quit your trolling on this forum.

Nuff said!

If you think that a dissenting opinion qualifies as trolling, than you need to grow up.

Quote:

Originally Posted by Taddeusz

But where does the distrust stop? At some point you have to put trust in a person or an entity that they will do exactly what they say they will do. SageTV isn't some huge money grubbing conglomerate. If it were discovered that they were collecting personal data through EPG updates that wasn't specifically disclosed in their privacy policy I'm sure they'd lose a lot of customers over it. I don't see that they have any reason to violate their own privacy policy.

They have the same reason many companies do - profit. If they started selling useage data, it would be a windfall. But you're ignoring the other part of why I dislike call home routines - the data transferred is almost never properly encrypted, which means that it's at risk from others.

Quote:

Originally Posted by bhyman1

You're posting on a publicly accessible web forum and you're worried about privacy?

Sure. That's not an analogous comparison. This isn't about hiding, it's about protecting. My posting on a public web forum doesn't give out any information I'm not aware of, and I know exactly when it happens. You can't say the same about a call home routine. Don't take a slice of my stated concerns out of context.

Quote:

Originally Posted by bastafidli

That seems to me like a feature request. If you do decide to go with Sage in its current state I suggest you submit it to Sage and get in line with the rest of us. We are all paying customers and we all wants some additional features, you are just one of us with different priorities. I think yours is a good idea but so it Netflix Watch Now, support for subtitles, ability to select audio tracks in mp4s and tons of others.

At this point in time, that's fine. I'm satisfied with the solution of a third party EPG (well, semi-satisfied, given the difficulty of implementing it cleanly). At this point, I'm simply responding to general comments about the concerns about a call home routine.

Quote:

Originally Posted by othy

Genuine question here, not an attack. What third party EPG software have you found that has a privacy statement worded more precisely than this? This seems like pretty standard boilerplate to me.

And again, I can't get past the notion that the third-party software I choose could still collect a bunch of data to transmit when it calls home. At least SageTV has a track record with me. If I switch over to a third-party provider, I'm back at square one as far as who to trust in regards to data collection.

Tim

You don't understand - this has nothing do with with any privacy statement. It has to do with minimizing the chances for a data leak. With Sage, the developer and the place you're logging into for EPG is the same. Couple that with their existing statements that they *do* collect data, and the motivation to collect more, and you have a situation where you're putting all your eggs in one basket - so to speak.

On the other hand, if I use a third party app to get data from a third party service (not the same as the app's developer), than the chances of a breach are much much slimmer. In addition, it's very easy to configure your firewall so that the app can ONLY access the service's site, and you prevent it from calling home to the developer even if it was set up to do so. You can't do this with Sage (with its standard setup), because you can't block access to the developer without blocking access to the primary EPG servers as well.

So, it has nothing to do with who to trust - you simply minimize the possible ways for your data to be leaked without your knowledge and consent.

Quote:

Originally Posted by Opus4

You can choose whether you want to believe this statement from SageTV, but that is the extent of it.

My position as a future customer is that I don't like having to rely on anyone's word on the matter. I prefer to be able to ensure my privacy without losing functionality of the program. That's all.

Quote:

Originally Posted by sandor

twinkle, how about you just run Sage as a stand alone HTPC, like i do. that way nothing but television viewing habits are available? i do absolutely nothing else on my server.

another positive of a stand alone HTPC is that it is **much** more stable than a multi-use PC with SageTV (or any DVR) installed on it.

Sandor, I appreciate the suggestion. The problem is that a call home routine still causes issues. First of all, I don't know if my name and serial number are being sent as part of the data exchange - I don't want either going out on the net without my knowledge and consent. There's also the potential for my system and network information to go out as well - this gives additional leverage to someone trying to break through my systems.

And seperate from all that, there's the potential that useage data will be sent out - if not now, then possibly in the future. And as I said earlier, in an age where the government wants to know what books people are borrowing from the library, I'm damned well concerned about protecting information about what I watch.

Quote:

Originally Posted by GKusnick

Regardless of where the data comes from, a third-party plugin that uses the SageTV API to put EPG data into Wiz.bin can just as easily pull favorite lists, watched history, imported video titles, and so forth out of Wiz.bin and transmit them who-knows-where. As othy says, unless the plugin is open-source and you have the competence to read it (or write it yourself), you've just traded trust in a known entity (the SageTV devs) for trust in some unknown pseudonymous person somewhere out there in the interwebs.

Incorrect. As I stated in a recent post, you can block access to all sites except the service you choose to use for EPG data. That would prevent almost all call home routines from succeeding, unless the app was coded by the service you use (which is why I wouldn't do that).

Quote:

Originally Posted by cnovak

Why bother emailing if your attitude is no one can be trusted anyways? If they were nefarious as you claim they would likely just lie about it anyways.

You've already consumed more person-hours with this "discussion" than if you put your "actual experience" to work and fired up a packet capture.

The simple fact is, if you run software you are vulnerable to the particular software company, plus any insecurities and vulnerabilities that may be exploited.

I'm so tired of FUD mongers. Please stop taking the amphetamines and go back to your normal medication, it'll be easier on all of us.

Cory

Try learning some tolerance and having an open mind. It will do wonders for your ability to learn from people and not come off as a... well, fill in the blank as you see fit.

As for why bother emailing, it was to see if there was a solution to my concern. The possibilities that have come up address the issue without having anything to do with who to trust.


As for my consuming person-hours - I was trying to ask a question and have a discussion. This is usually one of the foundation actions towards learning - you shouldn't dismiss it so quickly. And my running a packet capture would be useless in this case, because the point is that if a call home is allowed, the information exchanged could change at any point.

Quote:

Originally Posted by GKusnick

I think at least part of it is due to the fact that he's repeatedly said that the SageTV folks can't be trusted. Not that he doesn't trust them (a statement about him) but that they are untrustworthy (a statement about them). Some of us take exception to that.

Read my posts again. My comments had absolutely nothing to do with the developers of SageTV, personally. It has to do with the fact that when you open your privacy and data to others on nothing more than the say-so of their good intentions, you will almost always get burned. As I stated several times earlier, a call home routine is a risk even if the developer has perfectly good intentions and keeps to them. The fact that the data is being sent at all means that it can be intercepted by others.

I find it ironic that people keep misreading what I'm saying, or taking things out of context - and then accuse me of trolling, or fear mongering, or insulting the Sage developers.

Quote:

Originally Posted by GKusnick

Yes, of course it's possble. But as I pointed out earlier, nothing stops such a plugin (or any third-party plugin for that matter) from extracting data from Wiz.bin and sending it anywhere. Unless you have access to the source code and the skills to evaluate it, you're still stuck trusting somebody.

Nope. As I stated earlier, you can be selective about access and trust is a non-issue.

Quote:

Originally Posted by CyRex

Adding on to what GKusnick already said, I think Twinkle's remarks came off as a bit condescending. Also, he consistently countered any suggestions that he may be over-cautious by saying anyone not as cautious as he was ignorant.

At least that is the feeling I got when reading this thread...

-Dan

I apologize if any of my comments came across as condescending.

However, I did counter suggestions that I'm being over-cautious because history and experience shows that my concerns are based in fact and not paranoia.

Let me turn this around - imagine if you were trying to say that it's important to look both ways before crossing the street. If someone tells you that you're being over-cautious, you have the foundation to say that it is a factually (and not just by opinion) based concern. It's also not incorrect for you to say that a person who says it's not important to look before crossing isn't aware of the dangers.

That has nothing to do with being condescending, and it's not incorrect either.

Quote:

Originally Posted by toricred

Actually around where I live almost nobody locks their doors ever.

Then, as sad as it is, it's only a matter of time before one of them gets robbed or worse (assuming that it hasn't happened already). I don't say this to be melodramatic or pessamistic - it's a fact of life. If you leave your money out in the open, someday someone's going to take it.

Quote:

Originally Posted by toricred

That aside, what I'm saying is that if you don't trust Sage, then don't do business with them.

Well, my point was that I wanted to find a way to work with Sage despite my issues with their call home routines. The pick-up-your-ball-and-go-home approach doesn't always work in real life. Most of the time, you have to adapt, and that's what I was trying to do.


Edit: After re-reading this, I realized how pessamistic my first comment comes off as, despite my intentions to the contrary. Let me try adjusting this by amending my example to say that if you leave your money out in the open, there's a pretty decent chance that someday, someone's going to take it.

[Polypro]

Quote:

Originally Posted by tmiranda

This is simply not true. Your license code is sent to Snapstream and from there they know an awful lot about who you are. They also collect viewing information, but you can opt out of that. (If you trust that checking that little box actually does anything. )

I couldn't find the tounge in cheek icon

P

[Twinkle]

Quote:

Originally Posted by evilpenguin

I'm actually kinda of curious about what data you're worried about being exposed. TV watching habits, video library contents, location, etc?

A non-malicous call home function usually exchanges identifying information - so you have the potential for name and serial numbers going out. Aside from that making it easy to connect a name with the IP, it also gives out a free serial number. I've seen people be accused by developers of giving out their serial numbers when the true culprit was their own call home routines making it available to anyone sniffing packets.

In addition, from what Sage has openly stated, information about my system goes out. First of all, there's an issue of principles - it's like someone opening your front door and peeking in because they want to see how you've furnished your home. Just because they want it doesn't mean they have a right to it, and doing it without asking for permission first is rude and invasive. Aside from that, I'm sure many of you have seen people use personal information when naming computers, volumes, or folders. If someone named their computer after their children or pets or likes or dislikes, now the simple transfer of "technical information" isn't so simple anymore. And the information transfer isn't as sanitary and non-personal as you might have originally thought. Aside from the fact that Sage has no right to take such data without asking for permission first, I also wouldn't want any one sniffing my packets to find it either. Not even counting the personal information that could be present, knowing the OS, machine specs, and network structure gives leverage for someone to break into your network and systems.

Concerns about transferring location based information should be self explanatory.

And I spoke earlier about the issues of viewing habits. It's no one's business but mine, and I don't like the possibility of that going out. It has potential ramifications that are non trivial to say the least.

[Taddeusz]

You say that they're taking this information without your permission but by installing the software you're agreeing to their EULA which probably includes an agreement to send certain data along with EPG updates.

While click-through EULA's are a bit shaky to begin with you can't say that you didn't give them permission. By installing the software you're agreeing to their terms and conditions of it's use.

[MeInMaui]

It's nice to know that SageTV allows you to use 3rd party EPG data. It is essentially an opt out of the phone home at the expense of only the function that requires it. Not bad if you ask me.

Aloha,
Mike

[sandor]

Twinkle, not to be an ass, but i *am* assuming you do not have a bank account or credit cards or own your own home or search using google/yahoo/etc....


i completely agree with the idea that people need to be wary in terms of protecting their personal information - heck, here in Philly we just had a twenty-something year old couple get arrested for identity theft. they lived a rich person's lifestyle on the identities of others.

the kicker? they stole all the identities and credit card numbers, etc the old fashioned way - they snooped around homes and apartments when they were invited over. nothing high tech, just an old fashioned confidence trick.

...then they are released on bail, the girl moves to california awaiting trial, starbucks hires her stating "innocent until proven guilty" blah blah blah... and she gets caught copying down and using customers credit card numbers....



so yeah, technology is watching all the time, we know that, but it is the dude living next door reading your mail that will screw you royally.

[Opus4]

I think the original question was answered and now things are just going in circles w/a few insults thrown in here & there, so the topic is now closed.

- Andy