Cloudfogger Software Product Has Potentially HUGE Security Risks

The new 'Cloudfogger Software' product comes with a potentially HUGE Security Breach Risk, at least in my opinion...

I actually test freeware programs and utilities as a hobby; and I recently noticed a new software program called Cloudfogger v1.1.1270 was listed here at MajorGeeks on 2012-04-26; so I decided to download it in order to test it out. Cloudfogger; which was first released in January 2012, according to the developer's website, is basically a file encryption tool that allows users who install it to encrypt local files and/or files that you are synchronizing with online cloud storage services such as Dropbox, Box.net, SkyDrive and others.

While encryption may be a good choice when using cloud storage services; I just thought I would let folks know that a potentially HUGE Security risk comes with installing and using this Cloudfogger software program. If you decide to try it out; prior to actually installing it, I'd advise that users make sure that you take a few moments to read through the entire license thoroughly, but especially "Item number 10" -- The reason I would very strongly suggest a very careful viewing of the enclosed EULA license that comes with this Cloudfogger product; particularly the item #10 is because this is where you; the user give the developer "Cloudfogger GmbH" (who is evidently based in Germany, btw); as well as ALL of their "subsidiaries and affiliates" your permission to gather 'personally identifiable information' from your entire computer!

This developers EULA license directly and clearly implies that any such acquisition of information not restricted to purely 'technical data' about your particular PC system. This is an entirely unacceptable risk to your data IMO. Despite assurances it is solely for improving their product: Why they would they require any information at all (other than technical data) about your system? I mean what would this accomplish; other than allowing the developer, as well as their subsidiaries and affiliates to know all of the personally identifiable info within the contents of your system?

In other words: Clicking "yes" to this EULA surrenders their liability to any future potential misconduct or security breach by Cloudfogger GmbH, their subsidiaries and affiliates.

Does anyone out there really want some company based in Europe; or anywhere else for that matter, to have unlimited access to all of this personal information on their computer; especially without any liability whatsoever? In fairness; while it is possible that this may be a new program developer who simply designed the EULA license hastily or without really thinking it through or something, this is a humungous security breach risk IMO.

Good Luck -- COMP
​

 

Hello,

My name is Bernd Kammerberger from the Cloudfogger team. The EULA passage you talk about really is (or better: was) problematic. To say it in simple words:

Our own EULA choice for Cloudfogger was a really bad one.
The first version of our EULA was based on a template that we didn't check in enough details - that just seemed to be the fastest in easiest way to get started. Our fault.

Beginning with version 1.1.1270 we have changed the paragraph that you (correctly) complain about: We only track technical and some basic statistical data to be able to improve the product. All tracking data is only stored in anonymized form. That btw has always been the case, so we think the EULA and fortunately not the product has been wrong.

We are as you correctly note a German based company. German privacy laws are much stricter than in most other places in the world. All our servers are also based on German ground.

The whole Cloudfogger project got started because we here at Cloudfogger love the cloud but are concerned about security and privacy. You can be assured that we really, really take that seriously. We are never ever going to do anything that is not good for the privacy of our users.

I hope this helps to clarify the open issue. If anything remains please contact us any time at http://cloudfogger.com/support.

Best,

Bernd Kammerberger

 

Well sounds like i will watch out for this program.

 

>> The whole Cloudfogger project got started because we here at Cloudfogger love the cloud but are concerned about security and privacy. You can be assured that we really, really take that seriously. We are never ever going to do anything that is not good for the privacy of our users. I hope this helps to clarify the open issue. BerndK <<

Thanks so much for the 'lightning fast' response, Mr. Kammerberger... It's always good to hear from any product's software development team directly!

I had actually previously downloaded the install file for an older version your Cloudfogger file encryption software program (just a few months back); which was obviously prior to the most recent update.

However it is wonderful to hear the news that, beginning with version 1.1.1270; the Cloudfogger GmbH company had decided to alter the item question; within the program's previous EULA license!

As I mentioned earlier; occasionally, in particular 'newer' program developers, sometimes simply design their EULA licenses in haste or without really thinking it through (i.e. being "based on a template").

In retrospect, I probably should have thought to contact your company directly regarding this matter; prior to my posting it here at MajorGeeks (as well as in a couple of other forums) last night.

Anyway, I'll likely download Cloudfogger version 1.1.1270 again and test it out this week; and I'll also make sure to update and modify my posts in those forums accordingly - with regards to your response in here.

Side Note: Additionally, I also just now checked out your company blog and; as a huge fan and staunch advocator of 'safe to use' new freeware programs, I was very happy to hear that: "The one thing we know for sure is: Anybody who uses the currently available versions will always be free to use it. So no matter what comes, if you get Cloudfogger now you don’t pay."

Good Luck - COMP

​