Likes / Dislikes Support for Elgg without spyware v0.3.2

Release Notes

 

Same as the Pedro Prez plugin exactly, but this one is without the spyware ping-home function.

I posted a comment to him and instead of addressing it he chose to delete my comments and ignore the issue, so I chose to do this.

 

 

  • The ajax now works for the tabs and for the activity widget.
  • In this release I have improved the integration with the riverfaces and flyer plugins.
  • Hi.

    Tell me where can I delete the spyware in my copy of his plugin?

  • start.php ;-) LOLZ..

        function river_comments_ping_home() {
            $NOTIFICATION_SERVER = "http://www.keetup.com/services/api/rest/php/";
            // Get version information
            $version = get_version();
            $release = get_version(true);   
            $site = get_entity(datalist_get('default_site'));
            $sitename = $site->name;
            if (is_callable('mb_encode_mimeheader')) {
                $sitename = mb_encode_mimeheader($site->name,"UTF-8", "B");
            }
            send_api_get_call(
                $NOTIFICATION_SERVER,
                array(
                    'method' => 'keetup.system.ping',
                    'pluginname' => $sitename,
                    'sitename' => 'river_comments',
                    'url'      => $site->url,
                    'version' => $version,
                    'release' => $release,
                ),
                array()
            );
        }

  • BMan's code is clean with no "spyware" ping-back.. I checked his version's code ;-)

  • bman,

    I think you should delete this plugin.

    This plugin is not and does not have spyware code; as Dhrup mentioned, the plugin makes a ping back. You can check it on line 19 of the README.TXT

    This program automatically will add information just once to the keetup.com servers. This information is sent when the plugin is activated.
    The information will be useful for us to know which elgg version does the user has installed and then we can know the majority and we can focus on that particular version.
    If you are not agree with this practice please feel free to comment line 11 of the file
    /mod/likes/views/default/settings/likes/edit.php
    You should that line like this
    //run_function_once("likes_ping_home");

    Again, please delete this plugin, because I have been working a lot of time on this for the community and I don't want anybody to mess with it.

    Thanks
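
An added example, not part of the thread or of either plugin: a small source audit that flags active phone-home indicators in a plugin's PHP (external URLs, outbound calls, `run_function_once` hooks) and ignores lines that have been commented out as the README suggests. The names `audit_php` and `strip_line_comment`, the host `example.org`, and every function in `NET_CALLS` other than `send_api_get_call` are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# send_api_get_call is the call in the plugin code quoted above; the other
# names are standard PHP network functions, added here as assumptions.
NET_CALLS = ("send_api_get_call", "curl_init", "file_get_contents", "fsockopen")
URL_RE = re.compile(r"""["'](https?://[^"']+)["']""")
CALL_RE = re.compile(r"\b(" + "|".join(NET_CALLS) + r")\s*\(")
ONCE_RE = re.compile(r"""\brun_function_once\s*\(\s*["'](\w+)["']""")

def strip_line_comment(line):
    """Cut a // or # comment, ignoring markers inside strings (no /* */ support)."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#" or line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def audit_php(source, own_host):
    """Return (line, kind, detail) for each active outbound indicator."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        code = strip_line_comment(raw)
        for url in URL_RE.findall(code):
            host = urlparse(url).hostname
            if host and host != own_host:
                findings.append((lineno, "external-url", host))
        findings += [(lineno, "network-call", n) for n in CALL_RE.findall(code)]
        findings += [(lineno, "run-once", f) for f in ONCE_RE.findall(code)]
    return findings

# Constructed sample, abridged from the code and README line quoted in the thread.
SAMPLE = '''<?php
function likes_ping_home() {
    $NOTIFICATION_SERVER = "http://www.keetup.com/services/api/rest/php/";
    send_api_get_call($NOTIFICATION_SERVER, array('method' => 'keetup.system.ping'), array());
}
run_function_once("likes_ping_home");
//run_function_once("likes_ping_home");
'''
```

Run `audit_php` over each `.php` file of a plugin before activating it; a `run-once` finding next to an `external-url` finding is the pattern discussed in this thread.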

  • Any pingback without CLEAR opt-out is spyware.

    From the wikipedia definition of spyware, the very first line.

    Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. 

    I understand that it is mentioned in the readme, but you should have made it clear on the download page, seeing as it's sending this data the first time you run it; I had no choice to not have data collected upon installing this. Being that I run a site that espouses the ideals of Privacy and Freedom, I could not in good conscience allow this to remain. If you are updating your plugin with an opt-out I would be glad to delete this. But I posted on your plugin page, contacted curverider and waited to see what you did. I saw no update but my comments were not addressed, so I had to do what I thought was best.

    I am in no way trying to mess with your time in the community and I highly regard you among this community Pedro, and have worked with you in the past by offering support and code toward your Likes/Dislikes. So please don't take this as a slight against you. But this is unacceptable, and for my site to use this code I would have to offer it publicly in the same fashion as my use. I have clearly credited you and left in all headers in the files. If you are willing to make a way to opt out of your data collection procedure I would gladly delete this, but otherwise this is going to remain.

  • "The way to make the world a better place is through good deeds and friendship."
    Pedro/Gush and Bman should forgive the past  ;-)
    and collaborate to make Elgg-est the best-est ;-O

  • Critics become activists if ignored

  • Hello Bman,

    Wow! Thanks! Everyone should admire your strong desire for truth!

    Congratulations! Hari bol!

    With Love,
    Uddhava dāsa

  • Indeed, this wasn't the first time I have taken action after being ignored by unresponsive developers.

    And it will not be the last, I intend to do my best to work toward fixing these problems that run rampant in this community.

     

  • Hi bman,

    Actually I faced a very high security related issue with the Likes plugin of pedro and I found that it's still there with this plugin too. The issue is, when I am on the riverdashboard and click on some action related to A and B and say I am C. Then after clicking on like, it says "you liked this", and when I go back to my profile, I am no longer logged in as 'C' but I am now logged in as B.

     

    eg:

    A is friend of B is an event which I liked. Then I am automatically getting the session as 'B'.

    Every time, I observed that it's the right-hand side user. This issue is only seen in riverdashboard. On profile pages it works fine.

    Any inputs please?

     

  • hello bman,

    tnx for your engagement

    have a good time

    lisha

  • @Sai

    Can you tell me more about the version of elgg you are using and any other things that may affect this?  I will try to reproduce it and see what I can come up with.

  • I am removing the Likes - Dislikes plugin completely from my live site.

    Thank you bman for pointing out the "ET phone home feature"

    I must agree with bman's post - any coding that sends data to someone else without notification or permission is SPYWARE.  I will consider re-installing it once the issue here is resolved.

  • @Rob,

    BMan's version actually removed the E.T feature ;-) Believe... I checked out his code LOLZ.. BMan is a strong and sincere believer in FSF and OpenSource. You can use his code version with no fears ;-O  no ET !!! I hope Pedro follows suit and incorporates similar opt-in / opt-out in the settings.

  • Hey bman... thanks for the response. Mine is version 1.7 and I am using Custom white theme. But I have disabled the theme and tried it with the default elgg theme also and faced the same issue. I am not sure if any of the existing plugins are interrupting.

  • @Sai 

    Would you mind posting some screenshots of it?

    I can't seem to reproduce this but I will keep trying

  • I've popped in after receiving an email saying bman is following me, even though I don't use Elgg at present.

    @Pedro Prez; This thread and other posts regarding your plugins 'phoning home' certainly ring alarm bells for me. First off, you don't give users the option to allow it or not, or even tell them your plugin(s) do this. Stealthy, and not good manners. If nobody has anything to be concerned about, why are you hiding this? Furthermore, if you have refused to answer bman's posts and deleted them, then you must have something to hide.

    If I was still using Elgg (and I may again in the future) I'd use bman's versions, and stay away from yours unless you explain yourself and respect people's privacy and liberty on the Internet.

  • @all - easy fellas we're all human. If you read the code carefully enough you can see what information it's collecting. This is not the only plugin Pedro is working on at the moment, so cut him some slack.

    Furthermore, as to the concept of what this tiny little bit of code is doing, it's a welcome sign from resident 3rd party devs. I'm kindly allowed to use this plugin free of charge. What's more the dev is recording some information that is aimed at improving future versions seamlessly. No needless surveys etc.

    The idea is great. Now to the point about opting-out. This is a right that people should have. I'm sure he'll get around to putting it in. (Pedro look at the code for Curverider taking in usage stats in any elgg Site Admin page at the bottom. You can easily enough stick that into your settings/edit.php file for 'Likes')

    Please don't forget that devs providing plugins for free means their major efforts must go in other directions. Your schedule for using the plugin ASAP doesn't always coincide with his schedule of releasing an update later in the week. Let's not jump to conclusions.

    I've stated before the exact data collected and that I do not care what he is using it for. @trajan, why don't you think of it this way: do you really want anyone with data as to what versions of elgg you are using and what your site address is? Don't see the potential for misuse? You are being naive.

    Let's say tomorrow there is a vulnerability reported for 1.6 Elgg and now you have a list of sites that are vulnerable to hacking in a 3rd party's hands.

    ANY data collection that is not totally optional from the beginning is my issue.  This goes back as long as the people have been using the internet.  It's not a new scandal, it's established as being a BadThing for many years.

    Again though, I also have been waiting for Pedro to have time to remove the ping_home feature while he has been posting new plugins since, so maybe I am being naive in thinking he would handle this most basic issue so I could remove this plugin.  Looks like I will be supporting this fork long term.

    I don't buy into the "you got it for FREE so you shouldn't expect much"; I have used Linux since 1994 and never expected anything but the best and it has delivered. Elgg can do the same if the level of greed around here decreases.

Stats

  • Category: Communication
  • License: GNU General Public License (GPL) version 2
  • Updated: 2014-11-17
  • Downloads: 2655
  • Recommendations: 8
