You are not logged in.

#1 2016-04-28 19:38:30

Luc
Member
Registered: 2016-04-28
Posts: 2

Grace taking screenshots of my desktop?

Hi. I am new here. I downloaded and installed the Grace plugin on my computer yesterday and came across something very unusual.

The software didn't really work, and I know why, but the real reason that brings me here is that it seems to have created two files in my Temp directory: a text file named "bugreport.txt" with a bunch of data on the error plus data that identifies my machine quite specifically, and an image file named "screenShot.png."

The image file is indeed a screenshot of my desktop session. It didn't contain anything sensitive, but could have.

Since the 64-bit version did not work, I uninstalled it and tried the 32-bit version, this time more interested in my Temp directory than actually running the software. Sure enough, Grace didn't work and once again took a screenshot of my desktop session.

What kind of crazy invasion of privacy is that? Are your users aware of that practice? Is that noted anywhere in your website?

Last edited by Luc (2016-04-28 19:39:25)

Offline

#2 2016-04-28 23:52:51

Shannon
Administrator
Registered: 2015-09-07
Posts: 162

Re: Grace taking screenshots of my desktop?

Hi Luc,

Thanks for checking out Grace. Sorry it didn't work for you. I have just put out another update with some bug fixes.

As you found out, Grace (and Poise both) generate bug reports in event of errors. The bug reports are generated by a programming library called "MadExcept". You can read more about it here http://madshi.net/madExceptDescription.htm
MadExcept and similar libraries are commonly used as it makes finding bugs a whole lot easier.

Luc wrote:

What kind of crazy invasion of privacy is that? Are your users aware of that practice? Is that noted anywhere in your website?

To be completely honest, it doesn't feel like a massive invasion of privacy to me. I'm certainly not hoovering up realms of data. Regardless, I'm glad you raised the issue. I'm open to changing my business practices if something is of concern.

The bug reports aren't sent automatically. They remain on your machine until you send them through. Some people send though the entire report, others filter out sections they consider sensitive.

I can see how the screen shot might accidentally capture something sensitive. However, they are rarely attached to emails. I don't think that happens automatically anyway. I'll look at turning the screen shot capture off. (It's just a setting in the MadExcept software.)

The text of the bug report contains minimal amounts of personal information. I think there is the ID of your machine, a username and email address. What information in the bug report would you consider sensitive?

The bug report functionality isn't advertised on the website anywhere. In event of the bug report, the information being collected and the process is all pretty explicit. Nothing is happening secretly behind peoples backs.

Offline

#3 2016-04-30 19:45:23

Luc
Member
Registered: 2016-04-28
Posts: 2

Re: Grace taking screenshots of my desktop?

Shannon wrote:

Hi Luc,

Thanks for checking out Grace. Sorry it didn't work for you. I have just put out another update with some bug fixes.

As you found out, Grace (and Poise) both generate bug reports in event of errors. The bug reports are generated by a programming library called "MadExcept". You can read more about it here http://madshi.net/madExceptDescription.htm
MadExcept and similar libraries are commonly used as it makes finding bugs a whole lot easier.

> What kind of crazy invasion of privacy is that? Are your users aware of that practice? Is that noted anywhere in your website?

To be completely honest, it doesn't feel like a massive invasion of privacy to me. I'm certainly not hoovering up realms of data. Regardless, I'm glad you raised the issue. I'm open to changing my business practices if something is of concern.

The bug reports aren't sent automatically. They remain on your machine until you send them through. Some people send though the entire report, others filter out sections they consider sensitive.

I can see how the screen shot might accidentally capture something sensitive. However, they are rarely attached to emails. I don't think that happens automatically anyway. I'll look at turning the screen shot capture off. (It's just a setting in the MadExcept software.)

The text of the bug report contains minimal amounts of personal information. I think there is the ID of your machine, a username and email address. What information in the bug report would you consider sensitive?

The bug report functionality isn't advertised on the website anywhere. In event of the bug report, the information being collected and the process is all pretty explicit. Nothing is happening secretly behind peoples backs.

Thank you for your reply, but I'm afraid this exchange has come to its end. Taking screenshots of users' desktop sessions denotes a serious lack of understanding of cardinal principles of privacy, respect and security. I no longer have any interest in any software you provide.

Offline

#4 2016-06-02 06:14:52

Shannon
Administrator
Registered: 2015-09-07
Posts: 162

Re: Grace taking screenshots of my desktop?

Due to this post and an email from another person, I've just removed the bug reporting tool from Poise. The bug reporting tool was responsible for the screen shots. I'll be removing the same bug reporting tool from Grace ASAP.

I'll likely include an alternative bug reporting tool in future, but only if it can be configured to exclude personal information.

Please don't hesitate to get in touch if anyone wants to talk about privacy issues further.

The Poise update is version 1.1.55.4 and can be downloaded from the Poise members page.

Offline

#5 2016-06-02 09:55:32

Tamb
Member
Registered: 2016-01-25
Posts: 4

Re: Grace taking screenshots of my desktop?

If the report (log/screenshot) is automatically sent via email, that would be weird.
But there is a prompt window with options on what you choose to send.

Last edited by Tamb (2016-06-02 10:17:10)

Offline

#6 2016-06-03 01:39:43

Shannon
Administrator
Registered: 2015-09-07
Posts: 162

Re: Grace taking screenshots of my desktop?

Yes, sending reports was entirely optional. Nothing ever happened in secret. Nevertheless, I'm looking into an alternative bug reporting tool that gives more options about what is included in the bug report. (The previous tool wasn't that configurable so there was no way to strip out personal information.)

I've just updated Grace to version 1.0.4.9. The bug reporting has been stripped out. http://onesmallclue.com/plugin/grace/

Offline

#7 2016-07-10 23:09:23

HeartfeltDawn
Member
Registered: 2016-07-10
Posts: 2

Re: Grace taking screenshots of my desktop?

Luc wrote:

Thank you for your reply, but I'm afraid this exchange has come to its end. Taking screenshots of users' desktop sessions denotes a serious lack of understanding of cardinal principles of privacy, respect and security. I no longer have any interest in any software you provide.

It's a wonder he goes online at all with that sort of paranoid tinfoil hattery.

Last edited by HeartfeltDawn (2016-07-10 23:09:36)

Offline

#8 2016-08-04 02:55:15

Nystagmus
Member
From: United States
Registered: 2015-12-07
Posts: 7
Website

Re: Grace taking screenshots of my desktop?

Shannon, thanks for making the change. 
I read somewhat about security vulnerabilities and issues, and anything is fair game in computer science. 
A lot of people really aren't aware of how security vulnerabilities are like legos that can be put together to build bigger and badder exploits.  So it's not a "tinfoil hat" thing; which is just a character attack.  And the military equivalent of a tinfoil hat is a Faraday Cage, and those actually work.  They are used for example to shield MRI (magnetic resonance imaging) scanners from electronic noise and interference from the outside world.  That's a peace-time example. 

Anways...

You did the right thing. 

I personally like having the non-debugger versions available because in Wine on Linux, in Reaper, sometimes the debugger fails partially and I have to manually force the entire program (Reaper) to quit because the debugger window won't quit popping up and won't close. 

So there's an extra added advantage for ya. 
Plenty of others will continue to be interested in your excellent software design and products. 

Peace be with you as always.

Last edited by Nystagmus (2016-08-04 02:58:22)


My tools:  Ubuntu Studio Linux, Reaper, EnergyXT, and FL Studio via WINE. 
My music:  https://SoundCloud.com/NystagmusE

Offline

Board footer

Powered by FluxBB