AB
Premium
join:2006-04-04
Leesburg, VA
| reply to dave
Re: Is installing a Coupon Printer safe?
I take the information reported there to be not very flattering towards TRUSTe's practices, either.
Which is worse-- the spyware vendor, or the watchdog organization that claims the spyware vendor's software is on the up-and-up?
»www.truste.org/
quote:
About TRUSTe
TRUSTe helps consumers and businesses identify trustworthy online organizations through its Web Privacy Seal, Email Privacy Seal and Trusted Download Programs. . . .
Apparently we can trust Coupons, Inc. to install spyware.
So I guess that's what they mean when they refer to 'Trusted Download Programs'.
Lovely. |
|
bedelman
Premium
join:2004-06-20
Cambridge, MA
| reply to sailor
Ben Edelman, here
Howdy folks. I'm the author of some research about Coupons.com's practices, so I thought I'd chime in, in case I can be helpful. I read the discussion above, and it seems like everyone is getting the information they seek -- or at least reaching a reasonable conclusion. If there's anything I can do to clarify, just ask.
In short: I stand behind the facts in my two articles about Coupons.com -- last year and just last month. I believe I have appropriate proof -- both posted on my site and within my files -- to confirm the accuracy of my allegations. Jeff's message above ("does not require or collect any personal information...") does not change my view: Read his message carefully, and you'll notice that his statements are actually entirely consistent with the troubling practices I identified, including intentionally-deceptive filenames and registry keys, incomplete uninstall, retrieving sensitive computer-specific informatoin, etc. |
|
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
 ·AT&T U-Verse
1 edit | reply to sailor
Re: Is installing a Coupon Printer safe?
It sounds dodgy enough to me to steer clear of it. Spyware
isn't worth the $1.00 savings on a name brand that you
could likely equally save by buying a store or generic
brand.
Edit: (OT) in posting this, I got the following fortune - it
matches my avatar and is even from the same main character
(the one played by Tom Baker):
quote:
The very powerful and the very stupid have one thing in common. Instead of
altering their views to fit the facts, they alter the facts to fit their
views ... which can be very uncomfortable if you happen to be one of the
facts that needs altering.
-- Doctor Who, "Face of Evil"
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
JeffW
@pacbell.net
| reply to sailor
Sorry, not totally familiar with the forum software. If you can't reply via email to this post, you can contact me via our website www.couponsinc.com.
Mr. Edelman was incorrect about our collection of information like the Windows product key. We use a very standard method of anonymous identification for the computer hardware where specific local information never leaves the machine. If you read Edelman's August post on our software, he *recommended* we use this method.
I'd be happy to continue the discussion of our software via email if you have real concerns or recommendations. |
|
JeffW
join:2008-04-06
Mountain View, CA | reply to sailor
OK, I'm registered now, so hopefully you can email me if you want. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| reply to JeffW
said by JeffW  :I'd be happy to continue the discussion of our software via email if you have real concerns or recommendations. Following that to it's logical conclusion, who needs this site or any other public forum for that matter?
Wouldn't that be counter productive to the purpose of a public forum? If there's nothing to hide there's no valid reason to cloak a discussion with such a request. |
|
JeffW
join:2008-04-06
Mountain View, CA | reply to sailor
Fair point. I'll respond to the extent I can be constructive. |
|
bedelman
Premium
join:2004-06-20
Cambridge, MA
1 edit | reply to JeffW
promising not to track, then tracking anyway
I emphatically disagree with the suggestion that Coupons.com is doing what I "recommend."
My August post said "Coupons.com could label its files and registry keys appropriately -- treating its users with dignity and respect, rather than assuming users will try to cheat". Coupons.com still is not doing that; files and registry keys continue to bear deceptive names.
I continued: "Alternatively, Coupons.com could use recognize computers on which it has previously been installed, without resorting to deceptive files or registry entries." Tongue in cheek, I went on to point out that notorious spyware vendor Direct Revenue (subsequently the target of NYAG and FTC litigation) used exactly that method -- indicating that it's hardly a method to celebrate. Crucially, nowhere did I suggest that Coupons.com should use such methods when its public statements promise exactly the contrary ("The Coupon Printer does not gather or ask for any personal information about ... your computer"), when its privacy policy is silent on the subject, and when its license agreement says only that anonymous not pseudonymous information is being collected.
If Coupons.com fairly and frankly told users that it is checking sensitive computer-specific data (hard drive serial number, Windows product ID, etc.), and tracking users and repeat installs on that basis, that would be one thing. But Coupons.com exactly promises not to do this -- then does it anyway. (See my March article, subheading "Additional Violations".) I can't think of anyone who supports that tactic, not to mention "recommend[ing]" it. |
|
JeffW
join:2008-04-06
Mountain View, CA
| reply to sailor
Re: Is installing a Coupon Printer safe?
Ben, our privacy policy states:
"Automatically Collected" Information: When you use the Sites or open one of our HTML emails, we automatically record certain data using technology, including "clear gifs" or "web beacons," cookies (discussed above), IP addresses, unique "device IDs" (similar to IP addresses), and log files."
The information you are referring to; serial numbers etc., is *not* collected by Coupons, Inc. A unique ID, that cannot be reconstituted into any of the original information (one-way hash), is sent. An ID that is unique to a given hardware device, without revealing anything about that device or the individuals using it. I think that is a "unique device ID" clearly contemplated by the Privacy Policy.
As always, we welcome your input on how we can improve the software or our Privacy Policy, as long as we can accomplish the print controls necessary for our business. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
·Verizon FIOS
2 edits | I'm interested hearing the rationale for giving files and registry keys deceptive names, and for attempting to hide them in places that will make them look like part of Windows.
That behaviour is, in itself, sufficient for me to advise people to stay away from this software.
--dave (Microsoft MVP, Security) |
|
rawwhide
Zer0
Premium
join:2000-09-03
Zero
clubs:
·AT&T DSL Service
1 edit | reply to SnowyOne
said by SnowyOne :Ha! That's what you think!  Try mask this data Coupons inc. collects to identify 1. The serial number of your hard drive, 2. The bios version of your motherboard, 3. The bios manufacturer of your motherboard, 4. The bios element id, 5. The windows cd key which was entered when windows was first installed on your computer, 6. The windows product id stored in your registry 7. and the windowsnt digitalproductid stored in your registry. » www.tenbucks.net/index.cfm/2008/···ing-userBe aware, Coupons inc. will sue to prevent this type of data from being disclosed to it's victims customers. Shame on Bayer Health Care & Coupons inc's other clients for associating with this type of company. I guess I could always contact every one of it's clients with a heads up & then see which ones bail & which ones prefer to continue to support this type of activity. I guess I've got the time to take on another community service. Memo to self: Coupons inc. Blank and Blank makes simple work of the collection of information and the printing software installed on a machine. However, I was actually alluding to the fact that once the coupon is printed that copying the coupon is easy and the supposed limitation of distribution of such coupon is gullible on Bayer's part. To think that we security minded folk here would just take that answer and go away, ummm you don't know us very well. 
To JeffW:
Like I said before there is some other motivation(collection of data or the tracking of clients) that has Bayer using this software. I feel you are wanting to actually gather info and track those that download/print the coupons. I think the part about limitation of distributing the coupon is a front to hide the fact that you do want to track customers. There is money in it some where or else you wouldn't do it. There is easier ways to limit a coupon such as expiration dates. Limit the amount of time it is usable, oh wait, thats right, you dont care about actually limiting the use of these coupons. 
--
Tin-Foilers Union of America!!
Tin-Foilers Union Local 101... |
|
B A
Premium
join:2002-03-03
united state
clubs: 
| reply to sailor
The Bricks coupons are safe. It is done that way to keep you from printing more than two coupons. It will also give you the option if it doesn't install to have the coupons mailed to you.
However, if you have clicked and already tried to get the coupon and couldn't, they will say you have exceeded the amount your allowed to print and won't let you have one. It does register your IP address. You won't get spam or other things from it. It tracks you to limit how many you can print. There is a number on the coupon that is only on your coupon, and this is to limit forgery and people counterfeiting coupons. Yes, it does happen and sometimes in very large dollar amounts. Lately there was a huge one on Pampers.
I guess it would depend on where your concerns lie as to whether or not you wish to install it. Most major corporations utilize this tool, including Kroger.
However, let me advise to you you might want to check to see if you store will even accept IP coupons (many DON'T because of the counterfeiting) before you even consider it. And as I said BRICKS will mail them to you.
»www.ktsm.com/news/local/6390407.html
As far as the security, I haven't ever had a problem with it. But I also don't use it now because our local stores don't accept them anymore.
--
The cleaning and scrubbing will wait till tomorrow, For children grow up, as I've learned to my sorrow.
So quiet down, cobwebs. Dust go to sleep. I'm rocking my baby and babies don't keep.
|
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
·RoadRunner Cable
·AT&T CallVantage
4 edits | reply to JeffW
I have in the past, and still do advise my associates against non-critical applications that collect internal information from a system, particularly the license and activation keys to operating systems and their MACs, BIOS levels and HDD information. Site and enterprise keys are particularly sensitive and should be considered proprietary information by the holders. As for the encoding, I believe that if one has the algorithms to encode, one can decode.
I'd also question the value of the program to the product providers, since it appears to me that controls are placed based on "fingerprinting" the PC and OS. This would render common use/public access computers in libraries, hotels, universities, group homes, senior citizen and community centers relatively useless for printing, since there could be multiple requests for the same items from the same PC by different legitimate requesters.
So, the "coupon printer" should be relatively useless for common use/public PCs, since several users may request the same items at different times. If these PCs are not limited, I would conclude that the system fingerprinting information is being unnecessarily gathered or is being collected for other purposes.
Again, I'd like to see the issues Ben points out resolved, not just discussed.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless
| reply to rawwhide
said by rawwhide :I was actually alluding to the fact that once the coupon is printed that copying the coupon is easy and the supposed limitation of distribution of such coupon is gullible on Bayer's part. Aah, I wasn't looking at it that way, good point.
That brings up another potential concern.
Are these coupons identical or are they unique to the person printing them? If they are encoded with a unique identifier under the guise of stopping such cheats, that could be problematic to the whole privacy issue. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
2 edits | said by SnowyOne :If they are encoded with a unique identifier under the guise of stopping such cheats, that could be problematic to the whole privacy issue. Add to that the issue I raised of multiple legitimate users of a public access PC. Using the system information or unique identifiers on a coupon could lead to a legitimate requester being falsely accused of fraud.
[OT] but personally I wish coupons would go away. They're a time consuming PITA, and using a whole sheet of paper when you only want one or two items is wasteful at best. but that's a separate topic.[/OT]
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
MrFixit1
join:1999-11-26
Madison, WI
| reply to sailor
For anyone who has not yet checked it out ,
»www.coupons.com/corp/source/u_pr···licy.asp
is their current privacy policy.
An interesting read if you read it with just a normal amount of paranoia .
Really love the part about log files .
Especially since I see no definition of what a " log file " covers .
Let's see , just how much information could I gather from a users log files ?
Isn't that what SIW starts with ?
|
|
B A
Premium
join:2002-03-03
united state
clubs:
| reply to SnowyOne
said by SnowyOne :said by rawwhide :I was actually alluding to the fact that once the coupon is printed that copying the coupon is easy and the supposed limitation of distribution of such coupon is gullible on Bayer's part. Aah, I wasn't looking at it that way, good point. That brings up another potential concern. Are these coupons identical or are they unique to the person printing them? If they are encoded with a unique identifier under the guise of stopping such cheats, that could be problematic to the whole privacy issue. »www.wired.com/politics/onlinerig···/coupons
--
The cleaning and scrubbing will wait till tomorrow, For children grow up, as I've learned to my sorrow.
So quiet down, cobwebs. Dust go to sleep. I'm rocking my baby and babies don't keep.
|
|
rawwhide
Zer0
Premium
join:2000-09-03
Zero
clubs:
·AT&T DSL Service
| said by B A :said by SnowyOne :said by rawwhide :I was actually alluding to the fact that once the coupon is printed that copying the coupon is easy and the supposed limitation of distribution of such coupon is gullible on Bayer's part. Aah, I wasn't looking at it that way, good point. That brings up another potential concern. Are these coupons identical or are they unique to the person printing them? If they are encoded with a unique identifier under the guise of stopping such cheats, that could be problematic to the whole privacy issue. » www.wired.com/politics/onlinerig···/coupons OMG.. I better edit my post some. I told people how to circumvent all the coupon.com mess. Not directly how to but gave them just enough to get them pointed in the right direction.
--
Tin-Foilers Union of America!!
Tin-Foilers Union Local 101... |
|
rawwhide
Zer0
Premium
join:2000-09-03
Zero
clubs:
·AT&T DSL Service
| reply to SnowyOne
said by SnowyOne :said by rawwhide :I was actually alluding to the fact that once the coupon is printed that copying the coupon is easy and the supposed limitation of distribution of such coupon is gullible on Bayer's part. Aah, I wasn't looking at it that way, good point. That brings up another potential concern. Are these coupons identical or are they unique to the person printing them? If they are encoded with a unique identifier under the guise of stopping such cheats, that could be problematic to the whole privacy issue. Exactly. I could go into the local library as SnowyOne and print a few coupons. Then go make tons of copies. They will come looking for you.
--
Tin-Foilers Union of America!!
Tin-Foilers Union Local 101... |
|
sailor
Merry Whatever ..R.I.P. dadkins
Premium
join:2003-10-21
Long Island
| reply to sailor
As I previously posted, Bayer emailed me and told me they would send via first class mail their $9.00 coupon book. The book did arrive and they also included a coupon for (1) free Multi-Vitamin and they included in the envelope a letter thanking me for bringing to their attention my concern over downloading ( coupon printer ) something in order to print the $1.00 off printable coupon on their site that day.
So my thanks to Bayer for following up on sending me coupons and my thanks to those experts here in the Security Forum as I am glad I came here to ask about " is installing a coupon printer safe" when I first encountered it at Bayer's site in my reading about their Men's Health One-A-Day Vitamins. |
|
