Reply
Thread Tools
Posts: 3 | Thanked: 0 times | Joined on Dec 2013
#11
Originally Posted by Mikma View Post
1) devel-su
2) rm -rf /usr/share/harbour-flashlight
Password is needed... root & ENTER failed
 
mrsellout's Avatar
Posts: 889 | Thanked: 2,087 times | Joined on Sep 2010 @ Manchester
#12
The password is the one you set in Settings > System settings > Developer mode
 

The Following 2 Users Say Thank You to mrsellout For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#13
Why dont you just use "pkcon remove [packagename]"? doesnt need root password, and does clean uninstall... Or better yet, just long tap the icon and uninstall it from GUI?

People should not use random rm commands, as they can mess up the system.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following 9 Users Say Thank You to rainisto For This Useful Post:
Posts: 284 | Thanked: 661 times | Joined on Aug 2013 @ Finland
#14
Originally Posted by rainisto View Post
Topic is missleading, sending usage statistics to home is not a malware. Its quite normal application behaviour.
Yeah, it's normal nowadays (albeit a bit strange on a simple flashlight app), but doing so without any permissions given by the user - that's malware-like behavior. Also, I changed the title as per your suggestion.

Originally Posted by rainisto View Post
Must be just you. I did read the qml code on what data application sends, and as it doesnt send anything else than usage statistics, I'm still a happy user and havent uninstalled anything. And will continue using his great apps without any problems. [...] And his statistic function was in very readable QML file so he wasnt trying to hide anything (usually malware would do it in secret and with hidden functions outside QML [...]
I'm sure you too acknowledge there's a problem in the way the app behaves currently; data collection without even a mention anywhere in the relevant sources like Jolla Harbour. In other words: I shouldn't have to learn qml to know what the app does inside my phone. That's why Ts&Cs exist.

The persisting of uninstallation in usr/share is strange too. A bit of malware-like even.

And for the last (but not least), I'd like thank you for being active here in these forums, even though you (have to) partake in lot of arguments and take a lot of flack, being a security engineer in Jolla is - I imagine - not the easiest position to be in this forum. Not all companies are so easily reachable, and I appreciate that alot. Thank you!
 
Posts: 284 | Thanked: 661 times | Joined on Aug 2013 @ Finland
#15
Originally Posted by rainisto View Post
Why dont you just use "pkcon remove [packagename]"? doesnt need root password, and does clean uninstall... Or better yet, just long tap the icon and uninstall it from GUI?

People should not use random rm commands, as they can mess up the system.
I deleted first using the GUI (long tap & delete) and the files still persisted in usr/share. Then I deleted using the command line since normal uninstallation didn't work.
 

The Following User Says Thank You to Thoke For This Useful Post:
Posts: 33 | Thanked: 26 times | Joined on Jul 2008
#16
Originally Posted by Thoke View Post
I deleted first using the GUI (long tap & delete) and the files still persisted in usr/share. Then I deleted using the command line since normal uninstallation didn't work.
Indeed. The folder is owned by root and because the default user is nemo, you can't delete the files that are left behind by the application.

I tried File Browser from harbour but it can't either remove the folder because of the missing permissions.

devel-su is the only option to remove it.
 

The Following User Says Thank You to Mikma For This Useful Post:
Posts: 284 | Thanked: 661 times | Joined on Aug 2013 @ Finland
#17
Originally Posted by Mikma View Post
Indeed. The folder is owned by root and because the default user is nemo, you can't delete the files that are left behind by the application.

I tried File Browser from harbour but it can't either remove the folder because of the missing permissions.

devel-su is the only option to remove it.
The strange thing is that, in case of uninstalling other applications, application folders are deleted from usr/share when uninstallation process has finished, but not in case of flashlight...
 
Posts: 189 | Thanked: 143 times | Joined on Nov 2009
#18
And not in the case of the wikipedia app .
 
Posts: 3 | Thanked: 25 times | Joined on Jun 2011
#19
Hi there

Flashlight is my app. I explained the point of view a couple of times already, most detailed in together, but can do it again.

*Mis-information*
Yes, app should have told somewhere in About what exactly it collects. I messed up with it, partially because of a huge hurry with developing flashlight (people on IRC remember it a lot), partly because I underestimated the geek level of the current Jolla crowd.

*App permissions in general*
That was not the goal, but I am quite happy that the discussion about app permissions is now front and center. I personally was crying for Apple permission model I think from before the public device launch even. And I am sad it doesn't exist.

Flashlight collects usage stats only and I do think that AB-testing app features and knowing how many people use it is very useful for the developers (I even made a public port of Mixpanel stats analysis platform that you should totally use if you care about understanding the user behavior). Sure, users don't have to use apps if they disagree, informing about app privact policy is useful.

Think, however, that right now any Cool Clock app for Jolla can easily fetch all your home videos, contact information and emails (won't be able to make calls probably, but not sure about it). Think about it and go discuss loud and clear e.g. at https://together.jolla.com/question/...ecurity-model/ that seems to be primary thread nowadays.

*What happens with Flashlight privacy then*
That is if somebody is interested

- Currently stats gathering is disabled completely (ver 2.1 under harbour QA at the moment). Partially because of messup with information about it, but mostly because of a bad user experience: starting network connection for Flashlight is too slow and clumsy, it doesn't really need it to function

- Privacy attitude explained in a stand-alone page accessed right from the main menu item

- In the future I plan to make some settings to opt in/out (might be required by EU laws actually, need to check)

- Major reason for stats gathering would be own motivation by looking at user stats + potential [hopefully] cool social features such as "see in which countries people use flashlight same time as you do" or "hey, you are now top flashlighter in Finland!"

- And/or probably throttle stats gathering. These social features are just an idea for now. Until they come to reality, sampling 1% of users will be enough to get an idea on how much people use the app.

- And I will probably monitor connection state not to break user experience to set up connection when it needs it only for app stats.

P.S.
Just to reiterate the important point:
1. This storm in a water glass happens precisely, because nothing fishy is collected or hidden, you can see all [quite simple] QML if you are a developer.
2. But think about a hundred of other apps you installed already. How complex do you think would it be to hide sending of your private videos in any of them while the permission system is non-existent?
 

The Following 25 Users Say Thank You to artem.marchenko For This Useful Post:
pycage's Avatar
Posts: 3,404 | Thanked: 4,474 times | Joined on Oct 2005 @ Germany
#20
Collecting usage statistics is quite common for apps, but in Maemo/MeeGo/Sailfish land the rules are a bit different.
And we're proud of that.

It's good that you're honest with your intentions, and that it raised the security concerns about the Sailfish platform in general.

But always let the user decide if they want to opt-in to help you improve the product. The comments in the store are a valuable source of feedback, too. So collecting usage statistics may not even be needed.
__________________
Tidings - RSS and Podcast aggregator for Jolla - https://github.com/pycage/tidings
Cargo Dock - file/cloud manager for Jolla - https://github.com/pycage/cargodock
 

The Following 12 Users Say Thank You to pycage For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 12:28.