i suppose you connect everytime to verify your registration.

the thing is, there is no way for the end user to have any assurance that the program isn't sending any other data that might not want sent(usernames/passwords, hand histories, my hole cards?).

i know it seems unlikely, but is there some kinda of spyware program that will tell me the exact data sent out and recieved by this program while it is running?

They connect to the internet to verify registration and ensure that you don't give your key out to anyone else. It's simply to protect them from people who would try to cheat them.

I can't see any reason why they'd want to steal from you, but if for some reason you don't feel comfortable using their software it's pretty simple - don't use it.

well there should be some way to confirm what info is sent right? i doubt they are doing anything either but there is no reason not to be sure

I feel I have proven myself to be honest and trustworthy. PokerAce Hud is a major deal to me and I stand to lose a lot if it was determined that my software was stealing data. Nothing more than your registration information is sent to the server.

If you would like to travel to Pittsburgh, PA, I can show you the source code so you can see exactly what is being sent. I obviously can't make the code public though. I suppose I can do nothing more than give you my word.

[ QUOTE ]
I feel I have proven myself to be honest and trustworthy. PokerAce Hud is a major deal to me and I stand to lose a lot if it was determined that my software was stealing data. Nothing more than your registration information is sent to the server.

[/ QUOTE ]

sure sure. its not about trust.

[ QUOTE ]
If you would like to travel to Pittsburgh, PA, I can show you the source code so you can see exactly what is being sent. I obviously can't make the code public though. I suppose I can do nothing more than give you my word.

[/ QUOTE ]

thanks for the quick response BTW. i really like your software and i hope you dont think i am trying to imply you are a crook. its just business you know?

[ QUOTE ]
sure sure. its not about trust.

[/ QUOTE ]

Sure its about trust. What is it about then? If you trusted him there would be no concern. There are thousands of PA Hud customers. Do you not think that someone would've found out by now if Josh was sending anything other than your registration code?

If you dont trust anyone, then grab a packet sniffer and prove it to yourself...

[ QUOTE ]
[ QUOTE ]
sure sure. its not about trust.

[/ QUOTE ]

Sure its about trust. What is it about then? If you trusted him there would be no concern. There are thousands of PA Hud customers. Do you not think that someone would've found out by now if Josh was sending anything other than your registration code?

If you dont trust anyone, then grab a packet sniffer and prove it to yourself...

[/ QUOTE ]

the point i was trying to make is why accept something on faith when you can look at the evidence/investigate and determine the truth with some certainty. ie there is no need to 'believe' the law of large numbers is true when you can prove it to be so.

basically i just want to know how i can find that 'packet sniffer' program. would that be enough to determine everything is on the up and up?

Google "packet sniffing" and you can see everything transmitted to the pokeracesoftware.com website. Personally I think you're wasting your time but knock yourself out. Make sure you get back to us with your findings /images/graemlins/wink.gif

Btw, he may encrypt the data (which I believe he does to keep your registration info safe). In that case not only would you need to sniff out the data being transmitted you'd have to also break the encryption.

And while you are at it, look up paranoid on Google as well.

I'm still ussing 1.08.

a) can I upgrade to 1.10 and then go back to 1.08 if I want?

b) Can I fire up computer and let 1.10 connect to internet and verify and then reboot and keep it firewalled for that day?

[ QUOTE ]
I'm still ussing 1.08.

a) can I upgrade to 1.10 and then go back to 1.08 if I want?

b) Can I fire up computer and let 1.10 connect to internet and verify and then reboot and keep it firewalled for that day?

[/ QUOTE ]

You can go back to version 1.08 but you will be missing out on the bug fixes and new features from the current version.

PA Hud only needs to check your registration info about once a week. It only tries to connect every 3 days. I mentioned to another user who was concerned that you can create a separate account on your computer and lock everything down, just give PA Hud access to the PA Hud directory and let it connect once a week. The rest of the week use your normal account that has PA Hud blocked.

[ QUOTE ]
And while you are at it, look up paranoid on Google as well.

[/ QUOTE ]

is it paranoid to test drive a car before you buy it? or check out its safety rating online? it is paranoid to check out some software that potentially had indirect access to 70% of your net worth? come on.

its has nothing to do with paranoia. it has everything to do with just spending an hour or two just to confirm that everything it ok. with many thousands (many to me at least) of dollars on the line its just common sense.

As others have already said, in MTH's case all MTH does is to check the registration on startup and if there's a new update available. Other than that, no internet connectivity is needed, nor used.

Ethereal is a very good packet sniffer: http://www.ethereal.com/

Just for the record, I don’t like it either. Great software, I bought it, I use it, I’d be lost without it ... but I don’t like it going to the net.

One possible problem: Altered versions might be put up on file sharing networks. No telling what the internet connection might be sending in that case.

I’m hoping PokerAce is keeping his eyes open for a better method of protecting his intellectual property.

Oh yeah, and if you wanna check the transmission, feel free to do so, MTH uses plain cleartext XML / Text when transmitting the license data, so it's viewable by anyone.

[ QUOTE ]
As others have already said, in MTH's case all MTH does is to check the registration on startup and if there's a new update available. Other than that, no internet connectivity is needed, nor used.

Ethereal is a very good packet sniffer: http://www.ethereal.com/

[/ QUOTE ]

thanks buddy

[ QUOTE ]
Just for the record, I don’t like it either. Great software, I bought it, I use it, I’d be lost without it ... but I don’t like it going to the net.

...

I’m hoping PokerAce is keeping his eyes open for a better method of protecting his intellectual property.

[/ QUOTE ]

I don't like it either. I have no reason to believe that either PokerAce or OrcaDK are up to any evil, in fact from all appearances they are standup, helpful, and considerate guys.

Still there is an issue. While software authors want to protect their intellectual property, their customers want to protect their privacy and would prefer a design that does not require much more than faith that the software will perform as described. Imagine what it would be like if every software vendor accessed your computer to make sure your the software you were using was legitimate. Wouldn't that be a bit like all merchants you dealt with searching your house to make sure you have not stolen something from their shops. We are not prepared to accept that from vendors of physical gods, and we should not have to accept that form vendors of ethereal(?) goods. There must be a less invasive in which software vendors can protect their property.

MKR

[ QUOTE ]
One possible problem: Altered versions might be put up on file sharing networks. No telling what the internet connection might be sending in that case.

[/ QUOTE ]

Why would you download PAH from a file sharing network unless if you are looking for a cracked version? In that case, most cracked stuff contains virus', trojans, etc. If you are a registered user then this makes zero sense. If you are trying to steal the software then you deserve the headaches with it /images/graemlins/smile.gif

[ QUOTE ]
Still there is an issue. While software authors want to protect their intellectual property, their customers want to protect their privacy and would prefer a design that does not require much more than faith that the software will perform as described. Imagine what it would be like if every software vendor accessed your computer to make sure your the software you were using was legitimate. Wouldn't that be a bit like all merchants you dealt with searching your house to make sure you have not stolen something from their shops. We are not prepared to accept that from vendors of physical gods, and we should not have to accept that form vendors of ethereal(?) goods. There must be a less invasive in which software vendors can protect their property.

[/ QUOTE ]

You do realize that PAH does not search your computer. It simply sends your registration code to a server to determine if its valid. There is a difference. No privacy is invaded. You do not 'own' the software. You own a right to use the software. To make your comparison correct, it would be like you were renting an apartment from me. I have the right to visually inspect the apartment with notice to ensure everything is fine.

[ QUOTE ]
their customers want to protect their privacy and would prefer

[/ QUOTE ]

I have my computer set up with absolutely no identifying information on it, unless I go into my encrypted password manager.

Unfortunately, 1.10 lists your full name and email address in the help->about box.

Not a big deal, but it is the only place on my whole computer with easily accessible personal information.

I have pokertracker and PAHUD. To be honest, I worry more about what Party et. al. might be up to on my machine. And what about Microsoft and Norton for that matter? The Sony fiasco should be a reminder that being a well known brand is not a guarantee of propiety.

Even if in our paranoid fantasies Josh and Pat are up to no good, they would not have the resources to exploit any info they obtained (they seem to spend most of their time improving their products, or providing customer support). Come to think of it, perhaps that's why Party CS is so bad, they're all busy stealing our data...

Actually, I hope everyone is scared to use PAHUD and MTH. It makes life better for the rest of us if more people play without these aids.

APerfect10, I'm usually behind you all the way, but I think I disagree with you on this one. If somebody wants to see the information being sent by the app, you shouldn't call them paranoid and insist they quiet down (like you did). Instead, you can just point them towards the nearest packet sniffer and tell them to knock themselves out (like MTH did).

It's not unreasonable to want to see what's being sent. If these are programs that are only run while poker clients are up, then suddenly you COULD see your opponents' cards, if you were in the evil PAHud lair under a volcano (in Pittsburgh, apparently). That's the problem with Lawman's post. There's some pretty easily exploited information here; it's not unreasonable to ensure it's not being exploited.

I haven't bothered to sniff either the PAHud or MTH packets, but when I see a community member volunteer to do the work and then post a trip-report, I'm happy to encourage them.
-Sam

[ QUOTE ]
APerfect10, I'm usually behind you all the way, but I think I disagree with you on this one. If somebody wants to see the information being sent by the app, you shouldn't call them paranoid and insist they quiet down (like you did). Instead, you can just point them towards the nearest packet sniffer and tell them to knock themselves out (like MTH did).

[/ QUOTE ]

Go back and read my responses. I never said that anyone was paranoid. Someone else followed my response by adding that they should google 'paranoid'. What I did do was point them in the direction they needed to head. I mentioned that they should google packet sniffing and to knock themselves out although I feel they are wasting their time. You are right though, if someone wants to know what data is being transmitted from their computer that is their right. I would not stop anyone from doing so...

I think you confused someone elses response with mine /images/graemlins/wink.gif

[ QUOTE ]
Why would you download PAH from a file sharing network unless if you are looking for a cracked version?

[/ QUOTE ]

Not everyone reads these forums so I think it quite possible that someone might stumble across the program on a file sharing network. Perhaps the program is recommended to someone who doesn’t find your site by Google but manages to find it somewhere else. Someone may host an altered version on their own website without your permission. A person might conceivably send or give an altered version to their “friends”. Maybe your host is down, I need to reinstall due to computer problems, and a big tourney is about to start. (This one happened to me while using your (defunct?) competitor’s product. Just a few of the ways someone with no evil intent might download from somewhere other than your site.

A user trying to avoid paying by intentionally seeking out a cracked version does indeed deserve whatever problems they encounter. If poker accounts and bank accounts should get emptied out due to an unauthorized version of your program, you too would have major headaches. If users don’t “expect” PAH to access the net, any time it attempted to do so would signal that something was wrong.

The scenario in which your host is down and I am ready to play is completely beyond your control. That one is not just a “what if”, it is something I have already experienced. Major major annoyance.

I am not the only one who is unhappy with this. The fact some of your customers are unhappy about something you are doing should cause you to at least think about the issue. Yes, you’ve shown yourself to more dependable than your competition when it comes to ongoing customer support and addressing customer concerns – please keep up the good work – but even Big Brother Microsoft only insists that I prove my purchase to them one time, not on an ongoing basis.

I understand your desire to protect your property and to be paid for your work. I feel that the method you are currently implementing to do so is invasive. Also, it has the potential to cause problems for unsuspecting users who download from other sources, and to thereby cause major problems for you.

Please keep an open mind and look at alternatives.

I am a registered and paid user. I am still using version 1.09a beta because it does not connect to the net.

Your argument about someone downloading a bogus version from a file sharing network has nothing to do with this situation. Someone could build a counterfeit version and even if the original doesn't connect to the internet, the author of the counterfeit version could make that version do so. That is why you should only download from reputable sites, never from file sharing services.

There was some bad timing issues with the initial release of the activation server. My hosting company was under a denial of service attack. Taking into account that the only time the status of the server affects a user is when they initially activate their product, the downtime couldn't have came at a worse time. If the server went down today, very few users would be affected by it.

The reason I changed my registration system to this version was because of my users. The original registration system used a hardware based key. Unfortunately, I found out after I implemented and released it, that the registration is easily invalidated by minor changes in hardware configuration that left users stuck with the trial version. With this new version, PAH silently and unobtrusively verifies registration and the user can change his hardware at will without any problems with PA Hud.

The market for my product is relatively small compared to Microsoft. Half of their users could pirate their software and they would make a killing. My user base is exponentially smaller, so I need to protect my property. I gave this new system a lot of thought and it saves my users headaches as well as saving me hours each day that I can devote to making PA Hud that much better.

[ QUOTE ]

The market for my product is relatively small compared to Microsoft. Half of their users could pirate their software and they would make a killing. My user base is exponentially smaller, so I need to protect my property. I gave this new system a lot of thought and it saves my users headaches as well as saving me hours each day that I can devote to making PA Hud that much better.

[/ QUOTE ]

i am a huge fan of this exceptionally good program. if it has to connect to the internet for it to work then i am willing to live with that reletively minor annoyance.

i also support PAHUD's actions to protect his product as he really does have a rather limited pond from which to draw.
if this new system means more time for new features then i say bring on the features.

as far as packet sniffing goes i support those users who feel the need to check this out; however, i do not think that connecting to the internet is such a huge annoyance that new/current users should expect this to be changed. in the end, if there are any paying customers of PAHUD who refuse to use the product in its current iteration i will be very surprised.

cheers and keep up the good work josh,

sean

If users don’t “expect” PAH to access the net, any time it attempted to do so would signal that something was wrong.

If your server is down when my software wants to do it’s twice a week check, does my program still work?

Some of your customers didn’t like the old method ... and you changed it. Now some of your customers don’t like the new method. All you have to do is please all of the people all of the time. What’s so hard about that? /images/graemlins/wink.gif

Seriously, though, my intent is only to make you aware that some us have these concerns, and to ask that you continue to seek that elusive solution that will please all of us.

I don’t want to be argumentative and I really don’t want to get you feeling backed into a corner where you expend your energy defending your position rather than continuing to improve your already great product, so I’ll knock it off here.

Peace.

[ QUOTE ]
If you would like to travel to Pittsburgh, PA, I can show you the source code so you can see exactly what is being sent. I obviously can't make the code public though. I suppose I can do nothing more than give you my word.

[/ QUOTE ]

Josh, I didn't know you are a Yinzer. What part?

[ QUOTE ]
If your server is down when my software wants to do it’s twice a week check, does my program still work?

[/ QUOTE ]

Yes, it will still work. As long as it can contact the server about once every two weeks, things will work fine for you. As I said, the only people affected by outages are people trying to activate brand new registrations.

I realize this isn't a perfect solution and there are some who won't like it. In a perfect world, I wouldn't need piracy protection. I would much rather never have to worry about it. This new solution is the most ideal and painless for everyone.

[ QUOTE ]
Josh, I didn't know you are a Yinzer. What part?

[/ QUOTE ]

North Hills. Go Steelers! /images/graemlins/smile.gif

[ QUOTE ]
[ QUOTE ]
Josh, I didn't know you are a Yinzer. What part?

[/ QUOTE ]

North Hills. Go Steelers! /images/graemlins/smile.gif

[/ QUOTE ]

South Hills here. You ever play any poker in the NH? I've played at a couple places there.

I've played at one Sara's event, but that was months ago. Super weak players, but I don't like the risks involved.

you can use a program called ethereal.

[ QUOTE ]
I've played at one Sara's event, but that was months ago. Super weak players, but I don't like the risks involved.

[/ QUOTE ]

I don't know what Sara's event is, so I guess we've never played in the same games.

If you ever need a brew, first round is on me.

If you want to monitor network traffic, use ethereal

http://www.ethereal.com/