Page 1 of 11
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:09 am
by Digit
What i found out this evening is really very ugly, dishonest, dirty, unbelievable. It's an outrage !!! I can't find words for what Plugwise is doing with OUR data.
Look at i saw going out to portal.plugwise.com (194.50.163.148):
Code: Select all
<?xml version="1.0" encoding="utf-8"?>
<UploadData Type="Request" Version="1.0" Language="nl" Date="2008-12-09T23:28:16+01:00">
<Session>fliuvg7s0i1bi0bv695ccoop15</Session>
<Appliances>
<Appliance><![CDATA[ID'|'Type'|'Description'|'CounterTotal'|'ModuleID'|'RoomID'|'Usage'|'ScheduleID'|'SchedulePriority'|'BudgetID]]></Appliance>
<Appliance><![CDATA[1'|'lamp'|'Boxjes'|'0,200168931190447'|'2'|'1'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[2'|'computer_desktop'|'PC Robert'|'16,5501531438716'|'7'|'1'|'199,802134712174'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[3'|'dishwasher'|'Vaatwasser'|'8,02017959894623'|'12'|'2'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[4'|'refrigerator'|'Koelkast'|'1,28886941256959'|'11'|'4'|'66,3119182074174'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[5'|'freezer'|'Vriezer'|'1,73837927653305'|'13'|'4'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[6'|'zz_misc'|'Tel en Bel'|'0,214492461747032'|'4'|'6'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[7'|'tv'|'TV/Audio'|'7,30041220279089'|'3'|'8'|'23,3069965800786'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[8'|'computer_laptop'|'Laptop'|'2,63651590390247'|'6'|'7'|'45,9801062238721'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[9'|'zz_misc'|'ttt'|'0,0818252124357215'|'5'|'1'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[10'|'zz_misc'|'ttt 2'|'2,44394265785144'|'10'|'1'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[11'|'zz_misc'|'ttt 3'|'0,0383154713927396'|'9'|'1'|'0'|'0'|'3'|'0]]></Appliance>
<Appliance><![CDATA[12'|'zz_misc'|'ttt 5'|'8,45421976442622'|'8'|'1'|'0'|'0'|'3'|'0]]></Appliance>
</Appliances>
<Token>278E9E16593F3360992EC2FB3DF31A92</Token>
</UploadData>
Firewall logs showed unusual traffic -> installed Wireshark -> the truth came out!
And there's more, lots more that is being sent to plugwise.
If plugwise think they're allowed to do this, then think again guys!
I said No !!!
Can't you listen? What's wrong with you guys?
I immediately want, no demand, a bugfix !!!
Plugwise steelt data van klanten!
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:19 am
by Ruud
That's i was afraid for!!!! see the discusion before over this.
Ruud
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:19 am
by Rene
I fully agree!
@Robert: Maybe it us wise to blur your private information in the screenshot.
Rene.
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:20 am
by Noel
Can you not disable this option when installing it?
If not. How about adding '127.0.0.1 portal.plugwise.com' to the windows hosts file?
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:22 am
by Digit
No you can't, there's also a validation process going on to the same IP.
So probably Source will not start then.
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:32 am
by Snelvuur
thats exactly the reason why i filled in crap at the registration part, since i noticed it tried to contact the portal. also you need to activate it via email and such, which is not true. Since it works under linux without activation, this is purely then done because they want information.
Would be also nice to sniff out the traffic when it asks for a registration, see what it does, and fake it locally if they dont come up with a sollution.
If they said somewhere "we want to store your information for our own personal business bla bla bla, do you want this to hapen yes/no?" then it would be a different story. Cant say i didn't warn in the other post too..
p.s. i filled in crap at the beginning for all plugs. then blocked that address (hosts -> 127.0.0.1) then went further.
// Erik (binkey.nl)
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:39 am
by Digit
It's not registration i dislike, they already know i have their stuff, i ordered it.
It's not validation of use, i can live with that.
It's the data! And read back, i was sceptic also.
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:41 am
by Noel
I've just added '127.0.0.1 portal.plugwise.com' to my hosts file, and Source started up okay for me.
Like snelvuur I also added 'crap' to the registration part when I installed Source.
I guess you can call this a bad habit of me
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:47 am
by Snelvuur
normally i just use
spam@binkey.nl , and then when i use it.. i close the account again. i get around 1000 spams a week. What still comes through is annoying.
I even had that letter from scrappy electronics (data was stolen from opus database)
http://www.dutchcowboys.nl/advertising/15534 so its not for nothing.
// Erik (binkey.nl)
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:50 am
by Digit
Let's keep focused. Next time they hard-code the IP, if they haven't done that already. They have to stop doing this !! That's the only thing that matters, no matter what tricks you can think of.
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:51 am
by Snelvuur
well you can always post this information on there own forum, to keep the flames coming..
// Erik (binkey.nl)
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 1:51 am
by Noel
I normaly create a virtual custom email address (in this case plugwise@one_of_my_domains.tld)
When I ever receive spam on the virtual email, I know who did it
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 2:01 am
by Bwired
I checked this a while ago if data was send from within the Plugwise Source software but it was not the case!
I have version 20080807, I never updated it!
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 6:10 pm
by tijmen
En het is nog legaal ook...
Uit de licentievoorwaarden:
6. Privacy en gebruik (persoons)gegevens
6.1. Plugwise gebruikt de door de Programmatuur verwerkte gegevens voor wetenschappelijke, statistische en historische doeleinden, en om haar producten en dienstverlening te verbeteren. Zonder afzonderlijke toestemming zal Plugwise uitsluitend technische gegevens verzamelen die niet te herleiden zijn tot natuurlijke personen in het huishouden en/of de onderneming van Gebruiker. Verwerking van persoonsgegevens zal steeds geschieden in overeenstemming met de Wet Bescherming Persoonsgegevens en het privacy beleid van Plugwise zoals gecommuniceerd op de Plugwise website.
Unforgivable! Plugwise stealing data !!!
Posted: Wed Dec 10, 2008 6:54 pm
by flexer
This could be a reason for me NOT te buy equipment from this supplier. This is privacy sensitive data they collect, and you should know that before you take the decision to buy. It's a delicate subject, see also the recent comments in the dutch media regarding the 'slimme energiemeters':
http://www.consumentenbond.nl/actueel/n ... eters_EVRM
But has somebody already requested a official statement from Plugwise regarding this subject?